[MLB-WIRELESS] OT: Internet Load Sharing

Donovan Baarda abo at minkirri.apana.org.au
Mon Aug 30 15:05:30 EST 2004


On Tue, 2004-08-24 at 08:39, Adam H. wrote:
> > Like Tony said, LARTC should do you.
> >
> > Be aware, that multi-homed load balancing is relatively tricky/etc - I
> > think even at this point it requires linux kernel + userspace tool
> > patching.
> 
> Thanks guys. I will look at this, but am not entirely enthusiastic about
> its "relatively trickyness". Especially if it involves patching linux
> kernel. (As I am not familiar with any of this. I normally install straight
> out of the box, and do some configuring).

The best HowTo kind of documentation I found on this was:

http://www.samag.com/documents/s=1824/sam0201h/0201h.htm

It's a bit RedHat-centric, but covers most things quickly, cleanly, and
well.

You can skip the "Kernel Configuration" bit as every distro's default
kernel should have the required settings (Debian's kernel packages work
fine).

The "Startup Scripts" bit is very RedHat. Under Debian you do the same
thing using /etc/network/interfaces and ip-up.d/ ip-down.d scripts in
/etc/ppp and/or /etc/network. Feel free to ask for a tarball of what
I've got if you want it.

Ignore the Firewalls bit and just use Shorewall... it makes complex
network firewalls easy.

Also worth installing is the Debian wondershaper package and configuring
it to be run in an ip-up.d script. This will give you Quality Of Service
(QOS) traffic shaping, so that big background downloads don't slow your
interactive ssh sessions to a crawl.

> Thanks also, to Rowan for suggesting squid. Maybe this is also something I
> should be looking at. (If it's going to be a lot simpler than LARTC).

Squid is very nice, but it can be tricky configuring a pair of them to
get best performance and robustness. Things are complicated by upstream
ISPs using transparent proxies and denying ICP access.

Proxy peering in theory is nice, but only works well when both proxies
are pretty heavily loaded. Too much content is dynamic, and a large
number of users is required to get significant "browsing overlap". Well
under 10% peer hits is typical, with less than 5% bandwidth savings.
It's worth doing when the interconnect between proxies is fast and free,
but only because it's easy and doesn't hurt, so any gains are a bonus.

I was going to suggest a possible configuration, but too much depends on
what kind of agreement you have between each other and what kind of
proxy your ADSL upstreams have. The ideal configuration would have both
proxies sharing hits, and load-balanced sharing of both upstream ADSL
connections. This can be tricky to set up, but it is possible.

Another thing the more advanced and adventurous could try is Zorp.
Zorp is an application proxy layer firewall with a fast iptables/C based
core that is extensible using Python. In theory it could be extended to
do very efficient and robust application layer link sharing for whatever
protocols you want (http, smtp, ftp, whatever). This could use a ping
heartbeat for load-balancing upstream links per connection. This would
be better than the normal tcp layer dual-default route + source IP
routing, which cannot measure load and balances per IP.

-- 
Donovan Baarda <abo at minkirri.apana.org.au>
http://minkirri.apana.org.au/~abo/

