Load Balancing under Linux (suggestion)

Gerald Combs gerald at ethereal.com
Fri Apr 26 13:09:20 CDT 2002


On Fri, 26 Apr 2002, david nicol reading obsolescent UMKC mailboxes wrote:

> just a mail server?  it seems it would make more sense to constantly
> update multiple MX records with short TTLs with all the interfaces.  

I wrote "mail server" because I was using one of Microsoft's mail servers
as an example, and it was shorter than writing "all of the servers that
are on your network that the world needs uninterrupted access to."

In reality, Microsoft has several inbound mail servers that they load
balance across using round-robin DNS MX and A records:

squish:/home/gerald> host -t mx microsoft.com
microsoft.com. mail is handled by 10 maila.microsoft.com.
microsoft.com. mail is handled by 10 mailb.microsoft.com.
microsoft.com. mail is handled by 10 mailc.microsoft.com.

squish:/home/gerald> host maila.microsoft.com
maila.microsoft.com. has address 131.107.3.125
maila.microsoft.com. has address 131.107.3.124

squish:/home/gerald> host mailb.microsoft.com
mailb.microsoft.com. has address 131.107.3.122
mailb.microsoft.com. has address 131.107.3.123

squish:/home/gerald> host mailc.microsoft.com
mailc.microsoft.com. has address 131.107.3.121
mailc.microsoft.com. has address 131.107.3.126

This works for mail (since you have MX records to play with), but not so
much for web, ftp, gopher, ssh, or other services that don't have special 
preference-enhanced DNS record types associated with them.

> what does iptables do to current masqed connections when you alter the
> rules?
> If it leaves them alone it seems that you could
> have a backgrounded shell that does something like
> 
>      iptables -t nat -A POSTROUTING -o eth3 -j MASQUERADE
>      while sleep 1; do
>        iptables -t nat -R POSTROUTING 1 -o eth1 -j MASQUERADE
>        sleep 1
>        iptables -t nat -R POSTROUTING 1 -o eth2 -j MASQUERADE
>        sleep 1
>        iptables -t nat -R POSTROUTING 1 -o eth3 -j MASQUERADE
>      done
> 
> 
> anyone feel like trying this?
> 
> .... it would confuse the hell out of FTP servers

...not to mention any established TCP connections.  TCP stacks don't like
it when your source address and/or port change all of a sudden.
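An added example (not part of the original message) of the MX/A round-robin selection the message describes: the MX and A records are taken from the `host` output quoted above, and the selection follows the usual MTA rule of lowest preference first, with equal-preference hosts (and each host's addresses) shuffled so inbound load spreads across all six addresses. The `backup.example.com.` record at preference 20 is a constructed addition to show how a lower-preference host is only tried after every preference-10 host; it is not on the original page.

```python
import random
from collections import Counter
from typing import Dict, List, Tuple

# MX and A data constructed from the `host` output quoted in the message.
MX_RECORDS: List[Tuple[int, str]] = [  # (preference, exchange)
    (10, "maila.microsoft.com."),
    (10, "mailb.microsoft.com."),
    (10, "mailc.microsoft.com."),
]
A_RECORDS: Dict[str, List[str]] = {
    "maila.microsoft.com.": ["131.107.3.125", "131.107.3.124"],
    "mailb.microsoft.com.": ["131.107.3.122", "131.107.3.123"],
    "mailc.microsoft.com.": ["131.107.3.121", "131.107.3.126"],
}

# Constructed, hypothetical lower-priority exchange (not from the page).
BACKUP_MX = (20, "backup.example.com.")
BACKUP_A = {"backup.example.com.": ["192.0.2.10"]}


def delivery_order(mx: List[Tuple[int, str]], a: Dict[str, List[str]],
                   rng: random.Random) -> List[Tuple[str, str]]:
    """Return the (host, address) pairs a sending MTA would try, in order.

    Lower MX preference values come first.  Hosts sharing a preference are
    shuffled, which is what spreads the load; each host's A records are
    shuffled too, mirroring the rotation most resolvers apply.
    """
    by_pref: Dict[int, List[str]] = {}
    for pref, host in mx:
        by_pref.setdefault(pref, []).append(host)
    order: List[Tuple[str, str]] = []
    for pref in sorted(by_pref):
        hosts = by_pref[pref][:]
        rng.shuffle(hosts)
        for host in hosts:
            addrs = a.get(host, [])[:]
            rng.shuffle(addrs)
            order.extend((host, ip) for ip in addrs)
    return order


def deliver(order: List[Tuple[str, str]], reachable: set) -> str:
    """Simulate failover: the first reachable address in MX order wins."""
    for _host, ip in order:
        if ip in reachable:
            return ip
    raise RuntimeError("no MX host reachable")


def first_choice_distribution(mx, a, trials: int, seed: int = 0) -> Counter:
    """Count which address is tried first over many independent deliveries."""
    rng = random.Random(seed)
    counts: Counter = Counter()
    for _ in range(trials):
        counts[delivery_order(mx, a, rng)[0][1]] += 1
    return counts


if __name__ == "__main__":
    dist = first_choice_distribution(MX_RECORDS, A_RECORDS, 6000)
    for ip, n in sorted(dist.items()):
        print(f"{ip:15} first choice {n} times")
    # With the preference-10 hosts all down, the backup is the only option.
    order = delivery_order(MX_RECORDS + [BACKUP_MX], {**A_RECORDS, **BACKUP_A},
                           random.Random(1))
    print("fallback picks", deliver(order, {"192.0.2.10"}))
```

Run as a script, the distribution shows each of the six addresses chosen first about one time in six, which is the load spreading the message attributes to Microsoft's setup; the fallback run shows why the MX preference field matters and why services with only A records cannot express a backup this way.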




More information about the Kclug mailing list