FW: Data Piping

To: "'debian-firewall@lists.debian.org'" <debian-firewall@lists.debian.org>
Subject: FW: Data Piping
From: "Graf, Christian" <Christian.Graf@enterasys.com>
Date: Thu, 16 Nov 2000 09:26:33 -0000
Message-id: <[🔎] 81AF79A406C2D311AD740090273CA35630BAAD@fra-exc1.ctron.com>

-----Original Message-----
From: Graf, Christian 
Sent: Wednesday, November 15, 2000 5:40 PM
To: Graf, Christian
Subject: RE: Data Piping


I'm sorry,

but I deleted an email from one of the guyse who asked me directly. So I'm
answering direct. 
The goal was to use a linux-machine, attached with 2 dsl-interfaces to give
wan-access to an local network. A problem was to loadbalance the traffic
between those two dsl-interfaces.

At least I have got two solutions for it.
1) download the gated-routing daemon. This daemon should policy-based
routing and should be free. I have never tried it on linux, but other guys
told me, that this is a cool daemon.

2) buy some hardware. First actual routers are really cheap. The times a
router was about 250.000US$ is far away. You can get today layer 3/4
switches (new term for routers) with 16 10/100 Ports fully routed for less
then 10.000US$. Those machine do a much better and faster job than our
linux-machines. Take a layer 4 switch with a feature called policy-routing.
Policy routing overrides the local route-table in the way you want it.

design

divide the one linux-machine with two interfaces to two linuxmachines with
only one interface. connect a router to both betwenn the local net. Here I
don't talk about nat and those things. But in this scenario I think the
linux-machines do the nat already. (ofcourse the layser 4 switch should be
able to do static and dynamic nat, overload, ...)


dsl - linux 1----
			layer4 ---- local net
dsl - linux 2---- 


so what is the clue of the layer 4 switch. you could use the policy-routing
to divide traffic (ftp to linux1, http to linux2) and do a loadbalancing in
this fashion. Important: the layer 4 switch should be able to switch over
all traffic to one interface if the second will fail and should
automatically load-balance again, when it is back again.
A second way of loadbalancing is using a gate-list. The layer4 switch uses
then 2 default gateways (linux 1 and linux2) and you can tell him, if
- only one is usedr and the second one is standby
- both are used for REAL loadsharing

and when loadsharing: if one fails redirect all traffic to the one which is
still running

hope this helps

christian


p.s. there are whitepapers available
-----Original Message-----
From: Graf, Christian 
Sent: Monday, November 13, 2000 8:33 PM
To: Ryu, Cheol
Cc: Steve Gonczi; lvs-users@LinuxVirtualServer.org;
debian-firewall@lists.debian.org
Subject: RE: Data Piping


Hi friends,

there ae a lot of load-balancer outside. All of them have probelems in some
listed points below:
- graceful dead (can I shutdown a server without distrubing my users?)
- amount of concurrent sessions
- is the balancer itself redundant
- when redundant : failover time
- are there sticky ports (if there is a http-connection and additional
sound, will both be forwarded to the same server ?)
- cookies
- https (ssl traffic)
- throughput

of course, as you can see I'm an enterasys employee and we have some
loadbalancers. And of course, nothing is perfect! 

something I would keep in mind is always a clean design with powerful
options for taking some traces. If you do not know the way your packets are
going (or balanced) it is difficult to find those which are lost ...
-----Original Message-----
From: Benjamin Lee [mailto:benjaminlee@consultant.com]
Sent: Thursday, November 09, 2000 2:22 AM
To: Ryu, Cheol
Cc: Steve Gonczi; lvs-users@LinuxVirtualServer.org;
debian-firewall@lists.debian.org
Subject: Re: Data Piping


On Thu, Nov 09, 2000 at 10:15:43AM +0900, Ryu, Cheol wrote:

> Let me explain one apllication;
> Resonate(www.resonate.com)  has a patent on delayed resource binding,
according to 
> the URL which the client requests they select a web server. But if the
requests are in one 
> persistent connection, they probably need switch to another server
according to the URL 
> binding rule. They can disconnect the original connection and can
establish a new connection 
> internally, but they can also maintain multiple connections. If you keep
TCP end points 
> (IP address and Port Number) and TCP sequence number, you can demultiplex
or translate.
> 
> Basically, this is one of NAT techniques.

Hello,

Now this *is* an interesting motivation.

Ben.

-- 
B.      http://makelinux.org/    "Always real."    http://realthought.net/
__________________________________________________________________________
For my birthday I got a humidifier and a de-humidifier...  I put them in
the same room and let them fight it out.
		-- Steven Wright


--  
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org
Reply to:
Prev by Date: Re: ipmasq and pon/poff questions
Next by Date: Connection priority
Previous by thread: RE: Data Piping
Next by thread: Newbie Questions Part 1
Index(es):
- Date
- Thread