IPv6 Load Balancer

Xavier Beaudouin kiwi at oav.net
Tue Mar 30 01:04:26 CEST 2010


Hi there,

Le 29 mars 2010 à 22:04, Tore Anderson a écrit :

> * Bertrand Yvain
> 
>>>> Sure... but those load-balancing proxies are just that: proxies.
>> 
>> In my understanding, NAT or DR are not proxying methods.  Proxying 
>> implies the creation of another full request stack.
> 
> I see what you mean.  You're right, it is probably not semantically
> correct to call load-balancer, that only does packet forwarding and
> L3/L4 header rewriting, a proxy.  However, my point was that you...

By the way this is what I was looking, I didn't say proxy.

>>>> IMHO, load balancers should do NAT or direct routing so that
>>>> real servers do receive source IP address and port number.
> 
> ...appeared to imply that «proper» load balancers are only those that do
> L3/L4 header rewriting and packet-by-packet forwarding.  I disagree;  a
> load balancer that operates in proxy mode will balance load just as much
> as one that does packet mode, and the proxy mode one will usually be
> much more flexible in what you can make it do.  It's not without reason
> that F5's BIG-IP load balancers will by default use proxy mode - in
> packet mode you lose the ability to use much of the iRule stuff.
> 
> Whether or not the real servers see the original IP address of the
> client in their incoming IP packet or not is completely independent of
> whether or not packet or proxy mode is used

Hum.. proxy are good, if the proxiefied backend support the fact the IP address is not really the same as it is connected to.... 

For example, how can you do p0f with this kind of stuff ? 

LB that work only on packet level (L2/L3) can run unmodified servers... without hacking it to make it run like real life.

And for example if you have several proxies like :

 ->Proxy/LB---> Nginx (for static files)---> apache (for PHP stuff and nasty things)

You have play with nginx then apache... etc... and add lots of bugs...


[...]

>> Anyway... as you pointed out, different needs call to different 
>> solutions.  I believe that Xavier (original poster) was looking for 
>> NAT/DR load balancers.  Linux IPVS is my personnal favourite but I
>> have no production experience with it's IPv6 version (which is
>> shipped with mainline kernel since 2.6.28, I believe).
> 
> Xavier said he wanted to replace a BIG-IP box with an open-source
> product...  and HAProxy is probably the open-source product that
> operates in the most similar way and has the most similar feature list.
> Though if he's only interested in L3/L4 rewriting/packet-by-packet
> balancing then IPVS is a good choice, I agree.

I don't like HAProxy... I'm mostly a BSD guy, L3/L4 rewriting packet and proxy can be done with IPVS (but, I don't like the way of Linux works with IPv6, but this is my own way of thinking...), but I try to find another alternative to relayd...

Do someone has tested this here? 

relayd : https://calomel.org/relayd.html

The documentation shown here doesn't show IPv6, but it support it...

Now on the opensource world we have :
- ipvs
- relayd
- mostly sldb (but I dunno if this IPv6 compliant)

and...  Blackbox stuff :)

Any other ideas ?

/Xavier


More information about the ipv6-ops mailing list