From owner-freebsd-questions Fri Mar 22 7:54:21 2002 Delivered-To: freebsd-questions@freebsd.org Received: from linuxmail.touchtunes.com (operator.touchtunes.com [216.94.139.201]) by hub.freebsd.org (Postfix) with ESMTP id 5F16E37B404 for ; Fri, 22 Mar 2002 07:54:15 -0800 (PST) Received: from sunder.touchtunes.com (sunder.touchtunes.com [192.168.0.26]) by linuxmail.touchtunes.com (8.9.3/8.8.7) with ESMTP id KAA30000 for ; Fri, 22 Mar 2002 10:54:29 -0500 Received: (from dinjo@localhost) by sunder.touchtunes.com (8.11.6/8.11.6) id g2MFZIB39858; Fri, 22 Mar 2002 10:35:18 -0500 (EST) (envelope-from dinjo) Date: Fri, 22 Mar 2002 10:35:18 -0500 From: Joel Dinel To: jason+freebsd@kanda.com Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Basic load balancing with IPFW Message-ID: <20020322103518.A39798@sunder.touchtunes.com> Mail-Followup-To: Joel Dinel , jason+freebsd@kanda.com, freebsd-questions@FreeBSD.ORG References: <20020322160952.Q28894-100000@uk2.kanda-systems.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020322160952.Q28894-100000@uk2.kanda-systems.net>; from jason+freebsd@kanda.com on Fri, Mar 22, 2002 at 04:19:19PM +0000 X-Useless-Header: Look ma, it's a # sign! X-Operating-System: FreeBSD 4.5-STABLE i386 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Fri, Mar 22, 2002 at 04:19:19PM +0000, jason+freebsd@kanda.com wrote: > The original poster was referring to balancing available server resources, > you seem to be thinking about balancing bandwidth resources. The two are > not the same and require different techniques. > > To the original poster: Maybe you can post some censored firewall rules > from the Linux box? This might make it easier for someone else to advise > you. > > Jason > ---end quoted text--- Thank you! Finally, someone who understands what I am trying to do. Here's a sanitized IPChains rule from the current firewall : $MASQADM portfw -a -P tcp -L $LOCALIP 5556 -R $DEVCON1 5556 -p 1 $MASQADM portfw -a -P tcp -L $LOCALIP 5557 -R $DEVCON1 5557 -p 1 #$MASQADM portfw -a -P tcp -L $LOCALIP 5556 -R $DEVCON2 5556 -p 1 #$MASQADM portfw -a -P tcp -L $LOCALIP 5557 -R $DEVCON2 5557 -p 1 The "-p 1" part here is what does the ratio balancing. The 2 servers (DEVCON1 and DEVCON2) are getting the same ratio of connections. If I boost the number to 10 for DEVCON1, this machine will be getting 10 times more connections. It's a very simple and 'serial' load balancing solution; the first connection goes to DEVCON1, the next one goes to DEVCON21, and so on and so forth. Somebody on this list suggested 'PEN' from the ports collection. That would work. I was hoping of doing it at the filtering level, to be as simple as possible. IPFilter does Round-Robin'ing and Ratio load balancing, but I was hoping to stick with IPFW (I know it much better). Thanks Jason! -- Joel Dinel System Administrator TouchTunes Digital Jukebox, Inc. GnuPG key : http://lysander.mine.nu/~kint/mykey.asc To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message