Load Balancing under Linux

Charles Steinkuehler charles at steinkuehler.net
Fri Apr 19 22:17:09 CDT 2002


> The document was last updated on February 7.  Their workaround is to have
> _three_ routers.  There may be an alternative, if you're not married
> to Linux however.  The ipnat(7) man page on my BSD router seems to
> indicate that this is possible on one box using the 'ipfilter' package.
> In ipnat.rules you should be able to have something like
>
> map de0 from 192.168.0.0/24 to 0.0.0.0/1 -> 0.0.0.0/32
> map de1 from 192.168.0.0/24 to 128.0.0.0/1 -> 0.0.0.0/32
>
> In this example, "de0" and "de1" are your two outside interfaces.
> 192.168.0.0/24 is your inside network.  0.0.0.0/1 is the first half
> of the IPv4 address space.  128.0.0.0/1 is the second half of the IP
> address space.  0.0.0.0/32 is shorthand for "whatever the IP address of my
> interface happens to be," which is necessary for DHCP-assigned addresses.
> If you have a statically-assigned address pool, it would be your outside
> NAT address.
>
> The problem with this approach is that you have to manually fiddle
> with the outbound network addresses to tune the amount of traffic on
> each interface.
>
> The other problem is that it doesn't gracefully handle a failure on one
> of the links.
>
> The other other problem is that while the documentation suggests that
> it will work, I couldn't find any examples on the net of someone doing
> this in real life.

I was somewhat involved in the whole 3-router process.  The three routers
were being used mainly to prevent potential confusion caused by complex
routing configurations, and to work around any potential limitations of the
2.2 kernel's masquerading code.  The goal was to migrate to a single box (or
determine exactly why you couldn't) once everything was working with the 3
router setup.  A 2.4 kernel (with iptables) might be required to deal with
some of the masquerading issues, but I'm reasonably sure a correctly set up
2.2 kernel would probably work on a single box.

So...AFAIK, what you want to do is possible, but no-one has gotten to the
point of both getting it to work and then providing details for "the rest of
us"...

If you want to be a guinea pig, I can help with some of the setup and
configuration issues...I just haven't had time (or multiple network uplinks
:) to try this myself.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
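
Added example, not part of the original post or of the ipfilter package: a small Python model of the two quoted `map` rules that reports which rule's destination half each flow falls into. It assumes, as the quoted message does, that the rule matching the destination decides the outside interface; the helper names and the sample flows are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Matches the rule shape quoted above: map IFACE from SRC to DST -> NAT
RULE_RE = re.compile(r"^map\s+(\S+)\s+from\s+(\S+)\s+to\s+(\S+)\s+->\s+(\S+)$")

def parse_rules(text):
    """Return a list of (iface, src_net, dst_net) tuples in file order."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised rule: {line!r}")
        iface, src, dst, _nat = m.groups()  # NAT target is not needed for matching
        rules.append((iface, ipaddress.ip_network(src), ipaddress.ip_network(dst)))
    return rules

def select_iface(rules, src, dst):
    """First rule whose source and destination prefixes both match, else None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for iface, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return iface
    return None

def split(rules, flows):
    """Count flows per interface; flows is a list of (src, dst) pairs."""
    return Counter(select_iface(rules, s, d) for s, d in flows)

RULES = """\
map de0 from 192.168.0.0/24 to 0.0.0.0/1 -> 0.0.0.0/32
map de1 from 192.168.0.0/24 to 128.0.0.0/1 -> 0.0.0.0/32
"""

# Constructed flows (sample destinations, not real traffic).
FLOWS = [
    ("192.168.0.10", "198.51.100.7"),
    ("192.168.0.10", "203.0.113.9"),
    ("192.168.0.11", "192.0.2.44"),
    ("192.168.0.12", "10.1.2.3"),
    ("192.168.1.5", "198.51.100.7"),   # outside the inside /24: no rule applies
]

if __name__ == "__main__":
    print(split(parse_rules(RULES), FLOWS))
```

With these constructed flows, three land in the upper half and one in the lower, which is the manual-tuning problem the quoted message mentions: halving the address space does not halve the traffic.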



