Linux Netfilter discussions
* basic load distribution using -m statistic --mode nth
@ 2008-03-27 18:58 Per Jessen
  2008-03-27 22:28 ` Patrick McHardy
  0 siblings, 1 reply; 4+ messages in thread
From: Per Jessen @ 2008-03-27 18:58 UTC (permalink / raw)
  To: netfilter

I'm trying to set up basic load distribution using the following:

iptables -t nat -A OUTPUT  -d $addr -p udp --dport 53 \
  -m statistic --mode nth --every 2 --packet 0 -j DNAT --to $fe1
iptables -t nat -A OUTPUT  -d $addr -p udp --dport 53 \
  -m statistic --mode nth --every 2 --packet 1 -j DNAT --to $fe2

(I know I can achieve pretty much the same using "options rotate"
in resolv.conf, but humour me).

I'm testing the setup with a simple "dig <host>", and it seems
to be working, except that I get a hang ("no servers could be
reached") on every 4th query.  It is a consistently reproducible
behaviour.

I'm using iptables 4.0 and kernel 2.6.24.3.  Can anyone spot
anything I've missed?


thanks
Per Jessen, Zürich


* Re: basic load distribution using -m statistic --mode nth
  2008-03-27 18:58 Per Jessen
@ 2008-03-27 22:28 ` Patrick McHardy
  0 siblings, 0 replies; 4+ messages in thread
From: Patrick McHardy @ 2008-03-27 22:28 UTC (permalink / raw)
  To: Per Jessen; +Cc: netfilter

Per Jessen wrote:
> I'm trying to set up basic load distribution using the following:
> 
> iptables -t nat -A OUTPUT  -d $addr -p udp --dport 53 \
>   -m statistic --mode nth --every 2 --packet 0 -j DNAT --to $fe1
> iptables -t nat -A OUTPUT  -d $addr -p udp --dport 53 \
>   -m statistic --mode nth --every 2 --packet 1 -j DNAT --to $fe2
> 
> (I know I can achieve pretty much the same using "options rotate"
> in resolv.conf, but humour me).
> 
> I'm testing the setup with a simple "dig <host>", and it seems
> to be working, except that I get a hang ("no servers could be
> reached") on every 4th query.  It is a consistently reproducible
> behaviour.
> 
> I'm using iptables 4.0 and kernel 2.6.24.3.  Can anyone spot
> anything I've missed?

DNAT is terminal, so you need:

rule 1: --every 2 --packet 0
rule 2: unconditional




* Re: basic load distribution using -m statistic --mode nth
@ 2008-03-28  7:23 Per Jessen
  2008-03-28  8:31 ` Per Jessen
  0 siblings, 1 reply; 4+ messages in thread
From: Per Jessen @ 2008-03-28  7:23 UTC (permalink / raw)
  To: netfilter

Patrick McHardy wrote:

>
> DNAT is terminal, so you need:
>
> rule 1: --every 2 --packet 0
> rule 2: unconditional
>

Thanks Patrick!  Just what I needed.


/Per Jessen, Zürich


* Re: basic load distribution using -m statistic --mode nth
  2008-03-28  7:23 basic load distribution using -m statistic --mode nth Per Jessen
@ 2008-03-28  8:31 ` Per Jessen
  0 siblings, 0 replies; 4+ messages in thread
From: Per Jessen @ 2008-03-28  8:31 UTC (permalink / raw)
  To: netfilter

Per Jessen wrote:
> Patrick McHardy wrote:
> 
>> DNAT is terminal, so you need:
>>
>> rule 1: --every 2 --packet 0
>> rule 2: unconditional
>>
> 
> Thanks Patrick!  Just what I needed.


Hmm, I can't help wondering what the issue is in my second rule:


rule 1: --every 2 --packet 0
rule 2: --every 2 --packet 1

Why aren't they hit in a sequence of 1-2-1-2-1-2-1-2 etc.?


/Per Jessen, Zürich
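
The traversal discussed in this thread, as an added example that is not part of any message above and is not kernel or iptables code. It is a small model that assumes each nth rule keeps its own counter, that the counter advances only when the rule is actually evaluated, and that --packet sets its starting offset; the class and function names and the third backend in the test are made up for illustration.

```python
# Added illustration: a model of NAT rule traversal, not netfilter source.

class NthRule:
    """Models '-m statistic --mode nth --every N --packet P -j DNAT --to T'."""

    def __init__(self, every, packet, target):
        self.every = every
        self.target = target
        # Assumed start value: the rule first matches on its (packet+1)-th
        # evaluation and then on every N-th evaluation after that.
        self.count = (every - 1) - packet

    def evaluate(self):
        # The counter is private to this rule and only moves when the rule
        # is reached; packets taken by an earlier rule are never counted.
        if self.count == self.every - 1:
            self.count = 0
            return True
        self.count += 1
        return False


def traverse(rules, n_packets):
    """Return the DNAT target chosen for each new flow, or None if no rule hit."""
    chosen = []
    for _ in range(n_packets):
        hit = None
        for rule in rules:
            if rule.evaluate():
                hit = rule.target
                break  # DNAT is terminal: later rules never see this packet
        chosen.append(hit)  # None = left un-NATed, still addressed to $addr
    return chosen


def original_ruleset():
    # The two rules from the first message.
    return [NthRule(2, 0, "fe1"), NthRule(2, 1, "fe2")]


def fixed_ruleset():
    # Rule 2 made unconditional (every=1 matches on every evaluation).
    return [NthRule(2, 0, "fe1"), NthRule(1, 0, "fe2")]


if __name__ == "__main__":
    print("original:", traverse(original_ruleset(), 8))
    print("fixed:   ", traverse(fixed_ruleset(), 8))
```

In this model the second rule is evaluated only for the packets the first rule skipped, so it matches every other one of those and one new flow in four gets no DNAT at all. The same reasoning extends to more backends: each rule's --every counts only the traffic that reaches it, and the last rule is unconditional.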
