Date: Fri, 25 Apr 2008 09:27:06 +0200 From: CZUCZY Gergely <gergely.czuczy@harmless.hu> To: "Morten Grunnet Buhl" <mortengb@gmail.com> Cc: freebsd-pf@freebsd.org Subject: Re: pf (+ relayd?) as lvs replacement Message-ID: <20080425092706.2a977670@twoflower.in.publishing.hu> In-Reply-To: <402f78990804242338v5c2d6e95yaf73382878f8c26@mail.gmail.com> References: <402f78990804242338v5c2d6e95yaf73382878f8c26@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--Sig_/s=wZ3M35vimV8vQ6S/l8fFF Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hello, A somewhat similar can be achived using relayd, but this kind of load balan= cing shouldn't be done on L2/L3 level. This kind of load balancing should be don= e on Layer7 with some application level load balancers. That way you can also do more then this (like sanitizing the requests before they get to the actual servers). Some projects exists out there to do this, like pound[1], or also nginx has some features for this propose, and even apache2.2 is being extended into t= his direction. [1] http://www.apsis.ch/pound/ On Fri, 25 Apr 2008 08:38:28 +0200 "Morten Grunnet Buhl" <mortengb@gmail.com> wrote: > Our setup: >=20 > +--------------------+ > | Client | > +----------+---------+ > | > | > | > +------------------------------+-------------------------------+ > | The World Wide Web (TM) | > +------------+-----------------+------------------+------------+ > | | Ext | > | +------+------+ | > | | Gentoo/LVS | | > | +------+------+ | > | Ext | | Ext > | | | > | +----------+-----------+ | > | | Int | | > +-+------+-+ +--+------+-+ > | FBSD1 | | FBSD2 | > +----------+ +-----------+ >=20 > GentExtif XXX.XXX.XXX.10 > GentIntif 10.0.0.10 >=20 > FBSD1Extif XXX.XXX.XXX.11 > FBSD1lo0alias XXX.XXX.XXX.10 > FBSD1Intif 10.0.0.11 >=20 > FBSD2Extif XXX.XXX.XXX.12 > FBSD2lo0alias XXX.XXX.XXX.10 > FBSD2Intif 10.0.0.12 >=20 > Gentoo/LSV > manipulates the package from a client and sends it to FBSD(1|2) > FBSD(1|2) then returns data directly to the client >=20 >=20 > As you can see, all of our machines have external ip's. > This diagram is a scaled down version of our setup. The Gentoo/LVS > machine handles more 'clusters' of (more than two) machines. > These machines are sending a lot more traffic than they are > receiving. Its therefor not feasible to route the traffic out > through one single machine as it would quickly become the bottleneck. >=20 > This setup is transparent to our users and is working quite well. >=20 > Motivation: > All our 'back-end' machines are now running *BSD. The company's only > Linux guy/defender/admin has left us. > We would therefor like to completely loose linux in our setup. > We have seen that IPVS has been ported to FreeBSD but have not had any > luck finding people that use it on a larger scale. Furthermore we would > like to make this solution more clean (if possible) using pf. >=20 >=20 >=20 > Question: > Is this possible with pf (maybe with relayd)? >=20 >=20 > Thanks in advance for any information (positive or negative) that might > help us on our way. >=20 > /mgb > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" --=20 =C3=9Cdv=C3=B6lettel, Czuczy Gergely Harmless Digital Bt mailto: gergely.czuczy@harmless.hu Tel: +36-30-9702963 --Sig_/s=wZ3M35vimV8vQ6S/l8fFF Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.3 (FreeBSD) iD8DBQFIEYfMzrC0WyuMkpsRAjheAJ9kuEgNDD396566os6x/qVtey/I6gCgpy+C 7hd7DcS5E8vpGwKitvyQ0Xk= =0Ea5 -----END PGP SIGNATURE----- --Sig_/s=wZ3M35vimV8vQ6S/l8fFF--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080425092706.2a977670>