Date: Tue, 18 Jun 2002 10:49:07 -0600 (MDT)
From: Randy Smith
To: Bill Moran
Cc: Alexander V Zubchenko, "freebsd-questions@freebsd.org"
Subject: Re: IPFW as load balancer
In-Reply-To: <3D0F4B58.4030009@potentialtech.com>
Message-ID: <20020618092704.Q6594-100000@stalker.amigo.net>

On Tue, 18 Jun 2002, Bill Moran wrote:

> Date: Tue, 18 Jun 2002 11:01:44 -0400
> From: Bill Moran
> To: Randy Smith
> Cc: Alexander V Zubchenko,
>     "freebsd-questions@freebsd.org"
> Subject: Re: IPFW as load balancer
>
> Randy Smith wrote:
>
> >>>Is it possible to use IPFW to do load balancing? I want to create a
> >>
> >>Yes it is.
> >>
> >>
> >>>transparent proxy to a cluster of Squid caches. I was thinking of something
> >>>along the lines of:
> >>>
> >>>add prob .33 fwd ,3128 tcp from to any 80
> >>>add prob .50 fwd ,3128 tcp from to any 80
> >>>add fwd ,3128 tcp from to any 80
> >>>
> >>>Does this make sense or is there a better solution?
>
> I doubt this will work, since individual requests can take up more than
> a single IP packet, the transmission could get broken up and rendered
> incoherent.

Argh. You're right, of course.

> Something more plausible would be to break up your internal traffic
> by subnets. i.e.:
> add fwd ,3128 tcp from 192.168.0.0/24 to any 80
> add fwd ,3128 tcp from 192.168.1.0/24 to any 80
> add fwd ,3128 tcp from 192.168.2.0/24 to any 80
>
> On the one hand, this isn't "dynamic" load-balancing, so a single
> proxy could easily be overloaded, while another is idle. It is
> better than simply configuring each client separately, though, since
> you can manually adjust the balancing at the server.
>

I thought of that. I'm just looking for something a bit more dynamic. I
suppose I could always write the code myself. :-)

I wonder if keep-state and check-state could be used to keep the packets
flowing to the same cache. Is the prob option copied to dynamic rules?

From sys/netinet/ip_fw.c:

 * There are some limitations with dynamic rules -- we do not
 * obey the 'randomized match',

Glancing through ip_fw.c (specifically ip_fw_chk() and lookup_dyn_rule()),
it appears that the probability is not checked/used for dynamic rules.
(Which is probably what the comment above means.)

So, if I have these rules

add prob .33 fwd ,3128 tcp from 192.168.0.0/24 to any 80 keep-state
add prob .50 fwd ,3128 tcp from 192.168.0.0/24 to any 80 keep-state
add fwd ,3128 tcp from 192.168.0.0/24 to any 80 keep-state

and ipfw gets a connection from e.g. 192.168.0.42 that hits the cacheA rule,
does that mean ipfw would create the dynamic rule below?

fwd ,3128 tcp from 192.168.0.42 to any 80

If so, it seems to me that it would create a rule that would then forward all
of the packets from the client (192.168.0.42) to cacheA.

Does this make sense or am I out in left field?

Thanks for the input.

-- 
Randy Smith
Amigo.Net Systems Administrator
1-719-589-6100 x 4185
http://www.amigo.net/
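
A model of the question raised in the message above, as an added example that is not part of the original post and is not ipfw code: it evaluates the three prob rules per packet, then repeats the run with a flow table standing in for keep-state. The names cacheB and cacheC, the flow key (source address and port), the traffic, and the assumption that a state entry bypasses the prob check are constructed for illustration.

```python
import random

# Constructed model of the rule chain: (match probability, forward target).
# cacheA is named in the message; cacheB and cacheC are hypothetical.
RULES = [(0.33, "cacheA"), (0.50, "cacheB"), (1.0, "cacheC")]

def first_match(rng):
    """Walk the rules in order; each rule matches with its 'prob' value."""
    for prob, target in RULES:
        if rng.random() < prob:
            return target
    raise AssertionError("unreachable: the last rule always matches")

def per_packet(packets, rng):
    """No state: every packet is evaluated against the prob rules."""
    return [first_match(rng) for _ in packets]

def with_state(packets, rng):
    """Assumed keep-state behaviour: the first packet of a flow creates an
    entry, and later packets of that flow skip the prob check."""
    state, out = {}, []
    for flow in packets:
        if flow not in state:
            state[flow] = first_match(rng)
        out.append(state[flow])
    return out

def share(targets):
    """Fraction of packets sent to each cache."""
    return {t: targets.count(t) / len(targets) for _, t in RULES}

def split_flows(packets, targets):
    """Count flows whose packets reached more than one cache."""
    seen = {}
    for flow, target in zip(packets, targets):
        seen.setdefault(flow, set()).add(target)
    return sum(len(s) > 1 for s in seen.values())

def demo(seed=1):
    rng = random.Random(seed)
    # Constructed traffic: 3000 flows, 10 packets each, interleaved.
    flows = [("192.168.0.%d" % (i % 250 + 1), 1024 + i) for i in range(3000)]
    packets = [f for _ in range(10) for f in flows]
    stateless, stateful = per_packet(packets, rng), with_state(packets, rng)
    return {"stateless_share": share(stateless),
            "stateful_share": share(stateful),
            "stateless_split": split_flows(packets, stateless),
            "stateful_split": split_flows(packets, stateful)}

if __name__ == "__main__":
    print(demo())
```

The sequential probabilities .33, .50 and 1 give each cache roughly one third of the matches (0.33, 0.67 x 0.50, 0.67 x 0.50); the difference between the two runs is whether a single connection stays on one cache.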