March 27, 2009 at 2:08 pm #41584
I would appreciate if a zeroshell expert could help me with the following problem: I have a device which is NATted, more precisely PATted, that I would like to load balance. For some reason it’s more convenient to leave it this way rather than reconfigure it as a routed device. Would this situation reduce the efficiency of load balancing with zeroshell compared to a routed device? The network diagram is as follows:
LAN — natted device — zeroshell box === 2 DSL lines
In other words, the problem is whether load balancing of multiple LAN sources with different IP addresses is more efficient than load balancing of the same sources hidden behind PAT? By better efficiency I mean the average traffic distribution (in bps) which is closer to the desired weighting, e.g. 2:1?

March 27, 2009 at 2:38 pm #47896
What is this NATed device?
From the diagram here it seems that you terminate the PPPoE of the DSLs to the ZS. Then whatever is connected behind the ZS box will be using your private address space, including the NATed device. Once you have configured the load balancing of the DSL lines there is nothing else you need to do. Everything will be balanced between the 2 lines with a round-robin algorithm with the ratio that you will define as a weight per line. The balancing occurs per connection so it doesn’t really matter if you have one IP address or multiple.

March 27, 2009 at 9:50 pm #47897
The NATted device is a Nomadix gateway. The PPPoE is terminated on DSL routers and there are routable subnets between the zeroshell box and the routers. I tested both scenarios with two PCs behind the Nomadix in the routed mode, i.e. with NAT only done on the zeroshell, and with NAT done on both the zeroshell and Nomadix. I did not see any difference, and I could see that when I was simultaneously sending traffic to the same destination from both PCs it was going through the same DSL connection, so it didn’t look like a connection round robin. If anything it was more like destination round robin, in which case obviously it wouldn’t matter if the zeroshell box sees packets coming from a single NAT IP address or two different addresses routed from the LAN. I have been trying to work out how the load balancing works for zeroshell from the scripts in /root/kerbynet.cgi/scripts but it’s a lot of code there and I am a bit time restricted to do it. On the other hand, when I look at the routing tables it looks like the load balancing is done the normal Linux way, i.e. based on routes, which is consistent with what I see.
I don’t like the idea of doing NAT on Nomadix, but we have a standard Nomadix configuration across different sites and plan to only have some of them load balanced, so introducing different configuration options for load balanced and non-load balanced sites is a bit of a hassle.
PS. I am new to zeroshell and have been quite impressed.

March 30, 2009 at 7:51 am #47898
It is generally not recommended to do a double NAT.
Regarding what you say about the test you’ve done with 2 PCs sending traffic to the same destination, I object to your statement, because you don’t know how many other connections have been created between the initialization of both connections, e.g. DNS, IM, ntp.
Zeroshell is a Linux distro, so it will behave like any Linux regarding the networking. Routing is of course based on the routing table, as it happens on any networking device, but if you have multiple gateways for the same destination you can do load balancing.

March 31, 2009 at 2:16 am #47899
I can exactly see what is coming out of the box by having two ssh connections to it and running “tcpdump -i ETH01” in one and “tcpdump -i ETH02” in the other. Also, I don’t care about which way lightweight connections like DNS go out. What I care about are major traffic flows like people watching youtube and how they’re load balanced.
As far as Linux outbound load balancing is concerned, the answer is not as straightforward as you suggest. As far as I understand there are at least two ways of doing it: one using advanced routing and multipath default routes (http://lartc.org/howto/lartc.rpdb.multiple-links.html) and the other one using netfilter/iptables and the n-th/random patches or the statistics module (http://www.sysresccd.org/Sysresccd-networking_en_Iptables-and-netfilter-load-balancing-using-connmark#The_statistic_match), and I am not clear how it is done in Zeroshell and don’t have the time to review the code to work it out.

March 31, 2009 at 9:57 am #47900
After checking the links that you posted, I believe that the first method is used, as “ip route list” shows the default route as balanced with weights, and I haven’t found anything in iptables or lsmod regarding statistics. It seems that I had the wrong impression of how the traffic is balanced; the route caching is more obvious as the balancing method.
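The distinction the thread arrives at (per-destination balancing via the kernel route cache versus per-connection balancing via a netfilter rule) is easy to model. The following is an added example, not code from the thread or from ZeroShell; it assumes, as a simplified model of the old Linux route cache, that a next hop is chosen by weighted random selection on the first packet to a destination and then reused for every later flow to that destination. All addresses, link names and byte counts are constructed.

```python
"""Constructed model of two Linux outbound load-balancing strategies (not ZeroShell code)."""
import random
from collections import Counter

# Constructed: two DSL uplinks with the 2:1 weighting discussed in the thread.
WEIGHTS = {"ETH01": 2, "ETH02": 1}
NAT_IP = "198.51.100.1"  # constructed address the PAT device would present to the box


def weighted_choice(rng, weights):
    """Pick a link with probability proportional to its weight."""
    links = list(weights)
    return rng.choices(links, weights=[weights[l] for l in links], k=1)[0]


def balance_per_destination(flows, weights, seed=0):
    """Model of multipath routing with a route cache: the next hop is chosen once
    per destination address (assumed: weighted random on cache miss) and reused
    for every later flow to that address, whatever its source."""
    rng = random.Random(seed)
    cache = {}
    assignment = []
    for _src, dst, _sport, _dport, _nbytes in flows:
        if dst not in cache:
            cache[dst] = weighted_choice(rng, weights)
        assignment.append(cache[dst])
    return assignment


def balance_per_connection(flows, weights, seed=0):
    """Model of per-connection balancing (e.g. a connmark/statistic rule):
    each new connection picks a link independently."""
    rng = random.Random(seed)
    return [weighted_choice(rng, weights) for _ in flows]


def apply_pat(flows, nat_ip=NAT_IP):
    """Hide all LAN sources behind one address, as the PAT device in the thread does."""
    return [(nat_ip, dst, sport, dport, nbytes) for _, dst, sport, dport, nbytes in flows]


def bytes_per_link(flows, assignment):
    """Sum the bytes each link carried under a given assignment."""
    totals = Counter()
    for (_, _, _, _, nbytes), link in zip(flows, assignment):
        totals[link] += nbytes
    return dict(totals)


def share(totals, link):
    """Fraction of all bytes carried by one link."""
    return totals.get(link, 0) / sum(totals.values())


# Constructed scenario 1: two LAN PCs pulling a large stream from the same server.
TWO_PCS = [
    ("10.0.0.11", "203.0.113.5", 40001, 80, 50_000_000),
    ("10.0.0.12", "203.0.113.5", 40002, 80, 50_000_000),
]


def many_flows(n_destinations, flows_per_destination=1, nbytes=1_000_000):
    """Constructed scenario 2: n_destinations distinct servers, each receiving
    flows_per_destination connections of nbytes from rotating LAN sources."""
    return [
        (f"10.0.0.{10 + (i % 200)}", f"198.18.{i // 256}.{i % 256}", 40000 + j, 443, nbytes)
        for i in range(n_destinations)
        for j in range(flows_per_destination)
    ]


if __name__ == "__main__":
    for name, fn in (("per-destination", balance_per_destination),
                     ("per-connection", balance_per_connection)):
        print(name, "two PCs -> same server:", fn(TWO_PCS, WEIGHTS),
              "| after PAT:", fn(apply_pat(TWO_PCS), WEIGHTS))
        flows = many_flows(3000)
        totals = bytes_per_link(flows, fn(flows, WEIGHTS))
        print(name, "ETH01 share over 3000 destinations: %.3f" % share(totals, "ETH01"))
```

Under the per-destination model the two PCs always share one DSL line, and translating both sources to the single PAT address changes nothing, which is exactly what the poster saw with tcpdump on ETH01 and ETH02. The configured 2:1 weight is only approached when traffic is spread over many destinations. Per-connection balancing splits even same-destination flows, but is the netfilter/connmark approach rather than the weighted default route that `ip route list` showed. Note that this models the kernel behaviour of that era; later kernels removed the IPv4 route cache and select a multipath next hop per flow hash, so the same experiment gives different results there.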