From: Danny <dineshg@hostway.com>
To: netfilter@lists.netfilter.org
Subject: Iptables for load balancing internet traffic
Date: Mon, 13 Nov 2006 22:26:24 +0530
Message-ID: <4558A3B8.9080905@hostway.com>

Hi everyone,


Is there a perfect solution to use iptables for load balancing outgoing
internet traffic?

I am using Debian Sarge 3.1 [ kernel 2.4.27 ] [ iptables v1.2.11 ]. I
chose this kernel specifically for this purpose.

I have tried the two techniques below:


1> Tried using random patch
iptables -t mangle -A OUTPUT -o ! eth0 -m random --average 50 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i eth0 -m random --average 50 -j MARK --set-mark 1
ip ro add table 10 default via 10.90.101.1 dev eth2
ip ru add fwmark 1 table 10
ip ro fl ca


iptables -t mangle -A OUTPUT -o ! eth0 -m random --average 50 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -i eth0 -m random --average 50 -j MARK --set-mark 2
ip ro add table 20 default via 10.90.102.1 dev eth3
ip ru add fwmark 2 table 20
ip ro fl ca


iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to 10.90.101.2
iptables -t nat -A POSTROUTING -o eth3 -j SNAT --to 10.90.102.2
ip ro add default nexthop via 10.90.101.1 dev eth2 weight 1 nexthop via 10.90.102.1 dev eth3 weight 1

#-------------end -------------
Well, this didn't do the job for me! It was breaking TCP connections. It
was load balancing UDP packets well though!


2> Tried using nth patch
iptables -t mangle -A PREROUTING -i eth0 -m state --state NEW -m nth --every 2 --counter 2 --packet 0 -j CONNMARK --set-mark 1
iptables -t mangle -A PREROUTING -i eth0 -m state --state NEW -m nth --every 2 --counter 2 --packet 1 -j CONNMARK --set-mark 2
iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to 10.90.101.2
iptables -t nat -A POSTROUTING -o eth3 -j SNAT --to 10.90.102.2
ip ro add table 10 default via 10.90.101.1 dev eth2
ip ru add fwmark 1 table 10
ip ro fl ca
ip ro add table 20 default via 10.90.102.1 dev eth3
ip ru add fwmark 2 table 20
ip ro fl ca
ip ro add default nexthop via 10.90.101.1 dev eth2 weight 1 nexthop via 10.90.102.1 dev eth3 weight 1
#----end

This kept the TCP connections intact. But it wasn't distributing the
internet traffic evenly.
The distribution of connections through the links is not even.

# iptables -L PREROUTING -t mangle -nv
Chain PREROUTING (policy ACCEPT 82796 packets, 20M bytes)
pkts bytes target     prot opt in     out     source               destination
  8   480 CONNMARK   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           state NEW every 2th counter #2 packet #0 CONNMARK set 0x1
  8   480 CONNMARK   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           state NEW every 2th counter #2 packet #1 CONNMARK set 0x2

-- this shows that connections have been marked evenly. But
/proc/net/ip_conntrack doesn't show an even number of connections.

# sed 's/^.*\(mark=[12]\).*$/\1/g' /proc/net/ip_conntrack | grep -v "mark=0"
mark=2
mark=2
mark=2
mark=2
mark=2
mark=2
mark=2
mark=1
mark=2
mark=2


Most of the connections here are marked 2. [ sometimes most of them are
marked 1 ]



Is there any other perfect solution for load balancing internet traffic?

I have gone through many forums, but I haven't got the perfect solution yet.


Thank you,
Danny
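
An added example, not part of Danny's message: a tally over conntrack entries that groups them by connmark and by the reply-direction dst= address, which is the SNAT address (10.90.101.2 or 10.90.102.2) the connection actually left through. The function names and the sample lines are constructed for illustration, in the approximate /proc/net/ip_conntrack layout.

```shell
#!/bin/sh
# Added example: tally conntrack entries by connmark and by the SNAT address
# seen in the reply tuple (the second dst= field on each line).

tally_marks() {
    # Reads ip_conntrack-style lines on stdin.
    # Prints "mark=<m> snat=<addr> proto=<p> count=<n>", sorted.
    awk '
    {
        mark = ""; snat = ""; ndst = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^mark=/) {
                mark = substr($i, 6)
            } else if ($i ~ /^dst=/) {
                ndst++
                if (ndst == 2) snat = substr($i, 5)   # reply-direction dst
            }
        }
        if (mark == "" || mark == "0") next           # skip unmarked entries
        count["mark=" mark " snat=" snat " proto=" $1]++
    }
    END { for (k in count) print k " count=" count[k] }
    ' | sort
}

sample_conntrack() {
    # Constructed sample lines, not data from the original post.
    cat <<'EOF'
tcp      6 431999 ESTABLISHED src=192.168.0.10 dst=203.0.113.5 sport=1025 dport=80 src=203.0.113.5 dst=10.90.101.2 sport=80 dport=1025 [ASSURED] use=1 mark=1
tcp      6 431990 ESTABLISHED src=192.168.0.11 dst=203.0.113.6 sport=1026 dport=80 src=203.0.113.6 dst=10.90.102.2 sport=80 dport=1026 [ASSURED] use=1 mark=2
tcp      6 110 TIME_WAIT src=192.168.0.12 dst=203.0.113.7 sport=1027 dport=443 src=203.0.113.7 dst=10.90.102.2 sport=443 dport=1027 [ASSURED] use=1 mark=2
udp      17 25 src=192.168.0.10 dst=198.51.100.7 sport=1030 dport=53 src=198.51.100.7 dst=10.90.101.2 sport=53 dport=1030 use=1 mark=2
tcp      6 300 ESTABLISHED src=192.168.0.1 dst=192.168.0.10 sport=22 dport=1040 src=192.168.0.10 dst=192.168.0.1 sport=1040 dport=22 [ASSURED] use=1 mark=0
EOF
}

# Demo on the constructed sample.
sample_conntrack | tally_marks
```

On the gateway itself, run it as `tally_marks < /proc/net/ip_conntrack`. A row where the mark and the SNAT address belong to different uplinks means the mark did not decide the route for those connections.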



