Load Balancing under Linux

Gerald Combs gerald at ethereal.com
Fri Apr 19 21:57:22 CDT 2002 

On Fri, 19 Apr 2002, Duane Attaway wrote:

> This seems to cover what you need under Floating Static Routes:
> 
> http://leaf.sourceforge.net/pub/doc/howto/LRP-Load-Balancing-HOWTO.html

Floating static routes might work if all you want is failover.  However,
that section has the following entry concerning load balancing:

"But don't get too happy too fast here, because I don't currently know of
any way to make Linux masquerade behind two interfaces at the same time.
In other words, this scenario will only work properly if one of your
networks doesn't need to use NAT. However, this can still work if:

    * One of your ISPs provides you with lots of real IP space. In this
      case, you'll use the real IP space for your internal network (note
      this will require either subnetting the space or using bridge mode
      on the router), then do NAT on your other ISP interface.

    * One of your interfaces has a NAT-capable router instead of a modem
      or a bridge. In this case, you'll set up the router to NAT and
      give it 192.168.1.0 as its internal network. Connect it to eth1
      on the LRP and assign that interface 192.168.1.254. Then set up
      your other connection on eth0 and masquerade it.

    * You have two routers, one for each ISP. In this case you'll do
      floating static routes on each router, with backup routes pointing
      to the other router."

The document was last updated on February 7.  Their workaround is to have
_three_ routers.  There may be an alternative, if you're not married
to Linux however.  The ipnat(7) man page on my BSD router seems to
indicate that this is possible on one box using the 'ipfilter' package.
In ipnat.rules you should be able to have something like

map de0 from 192.168.0.0/24 to 0.0.0.0/1 -> 0.0.0.0/32
map de1 from 192.168.0.0/24 to 128.0.0.0/1 -> 0.0.0.0/32

In this example, "de0" and "de1" are your two outside interfaces.
192.168.0.0/24 is your inside network.  0.0.0.0/1 is the first half
of the IPv4 address space.  128.0.0.0/1 is the second half of the IP
address space.  0.0.0.0/32 is shorthand for "whatever the IP address of my
interface happens to be," which is necessary for DHCP-assigned addresses.
If you have a statically-assigned address pool, it would be your outside
NAT address.

The problem with this approach is that you have to manually fiddle
with the outbound network addresses to tune the amount of traffic on
each interface.

The other problem is that it doesn't gracefully handle a failure on one
of the links.

The other other problem is that while the documentation suggests that
it will work, I couldn't find any examples on the net of someone doing
this it in real life.

> Also, you might be able to use the EQL support built into 2.x kernels and
> later.  Here is how to get things set up:
> 
> http://home.indyramp.com/eql/eql.html

According to the introduction, it only works for serial links.  Even if
it worked for Ethernet, it does simple round-robining -- how would
you prevent it from sending traffic tied to one NAT connection out the
wrong interface?

> 
> -- 
> Why drive a car when you can ride a bike?
> http://attaway.yi.org                   http://counter.li.org   user #142150
> 
> 
> 
>

More information about the Kclug mailing list