
Re: load balancing(2)



Greetings!

On Thu, 13 Mar 2003 15:52:24 +0100 Andrew Miehs <andrew@jinx.de> wrote:

> If two, this will start getting more complicated. You will need to
> look into using BGP. As you are asking this question, I assume that
> you haven't had much experience with BGP, and would recommend asking
> your provider for help. Providers can sometimes be a bit picky with
> offering customers BGP feeds,

Well, (expensive, proprietary) solutions like from Rainfinity offer that
without routing protocols. For outgoing they use the(ir) firewall
cluster's ability to do load balancing and use different default routes
on each of the firewall cluster's machines. As soon as one outgoing line
life-check indicates a problem, all cluster members switch their gates to
the good line(s).

For incoming the firewalls simply use DNS Round-Robin on the FW members
which have to be listed as primary/master servers for the domain in
question. This way you are independent of network mechanics.

The FW cluster sandwiched between switches (redundancy/failover
necessary here, too?) will be placed at "????" below.


> >     network 1                _____ internet connection 1 
> >              \____ ????_____/
> >              /              \_____ internet connection 2
> >     network 2			


How to do that with Debian?

A redirector is placed at "????".

Simple outgoing HA first part: the internal network(s) use the
redirector as default gate. That one does health checks of the internet
connection. As soon as there is a problem, it switches its default gate
to the other one.

Simple outgoing HA second part: replace the single redirector PC with a
(failover) cluster e.g. LVS.

Simple outgoing HA (3) with some load balancing: you'll need a cluster
of two or more redirectors for this. Network 1 uses clustermember1's
(primary yet clustered) IP Address as default gateway, network 2 the
one of clustermember2. Disadvantage is that you'll have to rely on
manually tuning the networks and network members to achieve acceptable
results.

All this is available as run-of-the-mill software.

I did not check back, but isn't there policy based routing for Linux
somewhere out there? If so, you could implement that on the cluster
instead of switching default gates. Does anyone know
references/pointers?

Bye

Volker Tanger
IT-Security Consulting

-- 

discon gmbh
Wrangelstraße 100
D-10997 Berlin

Telefon  (030) 6104-3307
Telefax  (030) 6104-3435

volker.tanger@discon.de
http://www.discon.de/
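
The "simple outgoing HA first part" from the message above (a redirector that health-checks its uplinks and switches its default gateway) as an added example; it is not part of the original post or of any product named in it. The gateway addresses are RFC 5737 documentation addresses, the function and file names are hypothetical, and Linux with iproute2 and iputils ping is assumed.

```shell
#!/bin/sh
# Constructed values (assumptions): RFC 5737 documentation addresses.
GW1="192.0.2.1"       # next hop on internet connection 1
GW2="198.51.100.1"    # next hop on internet connection 2
FAIL_LIMIT=3          # consecutive failed probes before a gateway counts as down
CURRENT="$GW1"; FAILS1=0; FAILS2=0

# Health check: one ICMP echo to the provider's next hop. This only proves the
# link to that router is up, not the path beyond it.
probe_gateway() { ping -c 1 -W 2 "$1" >/dev/null 2>&1; }

# Point the default route at the chosen gateway (needs root and iproute2).
apply_gateway() { ip route replace default via "$1"; }

# Print the new failure count: reset on success, increment on failure.
count_fails() {  # $1 = previous count, $2 = gateway
    if probe_gateway "$2"; then echo 0; else echo $(( $1 + 1 )); fi
}

# Decide which gateway to use. Switch only when the active one has reached
# FAIL_LIMIT and the other answered its latest probe; otherwise stay put,
# so a single lost packet or a double outage does not cause flapping.
choose_gateway() {  # $1 = current, $2 = fails for GW1, $3 = fails for GW2
    if [ "$1" = "$GW1" ] && [ "$2" -ge "$FAIL_LIMIT" ] && [ "$3" -eq 0 ]; then
        echo "$GW2"
    elif [ "$1" = "$GW2" ] && [ "$3" -ge "$FAIL_LIMIT" ] && [ "$2" -eq 0 ]; then
        echo "$GW1"
    else
        echo "$1"
    fi
}

# One monitoring cycle: probe both uplinks, then switch if required.
run_cycle() {
    FAILS1=$(count_fails "$FAILS1" "$GW1")
    FAILS2=$(count_fails "$FAILS2" "$GW2")
    new=$(choose_gateway "$CURRENT" "$FAILS1" "$FAILS2")
    if [ "$new" != "$CURRENT" ]; then
        apply_gateway "$new" && CURRENT="$new"
    fi
}

# Run as a daemon only when asked to: sh gwfailover.sh run (hypothetical name)
if [ "${1:-}" = "run" ]; then
    apply_gateway "$CURRENT"
    while :; do run_cycle; sleep 5; done
fi
```

There is no automatic failback: once switched, the redirector stays on the second line until that line itself fails, which avoids bouncing established connections between providers.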


