IPv6 Load Balancer

Tore Anderson tore.anderson at redpill-linpro.com
Mon Mar 29 22:04:44 CEST 2010


* Bertrand Yvain

>>> Sure... but those load-balancing proxies are just that: proxies.
> 
> In my understanding, NAT or DR are not proxying methods.  Proxying 
> implies the creation of another full request stack.

I see what you mean.  You're right, it is probably not semantically
correct to call load-balancer, that only does packet forwarding and
L3/L4 header rewriting, a proxy.  However, my point was that you...

>>> IMHO, load balancers should do NAT or direct routing so that
>>> real servers do receive source IP address and port number.

...appeared to imply that «proper» load balancers are only those that do
L3/L4 header rewriting and packet-by-packet forwarding.  I disagree;  a
load balancer that operates in proxy mode will balance load just as much
as one that does packet mode, and the proxy mode one will usually be
much more flexible in what you can make it do.  It's not without reason
that F5's BIG-IP load balancers will by default use proxy mode - in
packet mode you lose the ability to use much of the iRule stuff.

Whether or not the real servers see the original IP address of the
client in their incoming IP packet or not is completely independent of
whether or not packet or proxy mode is used.

> Multi-gigabit throughput can be achieved on commodity hardware.

Well, yes.  But packet vs. proxy mode doesn't really make much of a
difference here either.  A modern x86 server with HAProxy will happily
push many Gb, so will a F5 BIG-IP (which is just x86 inside nowadays).

> native IPv6 is not that hard to implement in a server farm.

Depends on the size of the server farm and the number of applications on
it...  Numbering the servers themselves is super-easy, making hundreds
of applications that are running on those servers start talking to each
other over IPv6 - now that's the challenge.  In general I don't see it
as worth-while attempting a conversion, as long as IPv6 service can be
provided at the front-end layer.

In a while we'll probably do the exact opposite for new
customers/installations:  running single-stack IPv6 in the backend
networks and terminating IPv4 only at the frontends/load balancers.  I
don't want to be running a combination of both (ie. dual-stack) in the
backend unless it's absolutely necessary for some reason - too much
administrative overhead.

> Anyway... as you pointed out, different needs call to different 
> solutions.  I believe that Xavier (original poster) was looking for 
> NAT/DR load balancers.  Linux IPVS is my personnal favourite but I
> have no production experience with it's IPv6 version (which is
> shipped with mainline kernel since 2.6.28, I believe).

Xavier said he wanted to replace a BIG-IP box with an open-source
product...  and HAProxy is probably the open-source product that
operates in the most similar way and has the most similar feature list.
 Though if he's only interested in L3/L4 rewriting/packet-by-packet
balancing then IPVS is a good choice, I agree.

Best regards,
-- 
Tore Anderson
Redpill Linpro AS - http://www.redpill-linpro.com/
Tel: +47 21 54 41 27



More information about the ipv6-ops mailing list