Load balancing: Difference between revisions

From nftables wiki
Revision as of 13:09, 5 January 2017

Since nftables v0.7, there is support in place to perform NAT load balancing.

Don't forget the special NAT chain semantics: only the first packet of a connection evaluates the rule; follow-up packets rely on conntrack to apply the NAT information.

round robin

This method uses the nftables internal number generator.

The example below distributes new connections in a round-robin fashion between 192.168.10.100 and 192.168.20.200.

% nft add rule nat prerouting dnat to numgen inc mod 2 map { \
               0 : 192.168.10.100, \
               1 : 192.168.20.200 }

You can also emulate flow distribution with different backend weights using intervals:

% nft add rule nat prerouting dnat to numgen inc mod 10 map { \
               0-5 : 192.168.10.100, \
               6-9 : 192.168.20.200 }
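As an added example (not code from the nftables wiki), the POSIX shell script below derives the weighted interval map above from "address:weight" pairs, so the modulus and intervals are computed instead of counted by hand, and emits a complete script that can be syntax-checked with `nft -c -f -`. The table name "nat", the chain priorities and the trailing masquerade rule are assumptions.

```shell
#!/bin/sh
# Added example, not code from the nftables wiki. Expands each backend weight
# into a numgen interval; the map modulus is the sum of the weights.
# Assumes an "ip nat" table with a nat-hooked prerouting chain.

# weighted_dnat_rule <dport> addr:weight [addr:weight ...]
# Prints one nft rule or returns 1 on a malformed spec (missing or zero weight).
weighted_dnat_rule() {
    dport=$1; shift
    total=0
    for spec in "$@"; do
        case $spec in *:*) ;; *) echo "missing weight in $spec" >&2; return 1 ;; esac
        weight=${spec#*:}
        case $weight in ''|*[!0-9]*|0) echo "bad weight in $spec" >&2; return 1 ;; esac
        total=$((total + weight))
    done
    start=0
    entries=""
    for spec in "$@"; do
        addr=${spec%%:*}
        end=$((start + ${spec#*:} - 1))
        # A weight of 1 becomes a single key, larger weights an interval key.
        if [ "$start" -eq "$end" ]; then range=$start; else range="$start-$end"; fi
        entries="${entries}${entries:+, }${range} : ${addr}"
        start=$((end + 1))
    done
    printf 'add rule ip nat prerouting tcp dport %s dnat to numgen inc mod %s map { %s }\n' \
        "$dport" "$total" "$entries"
}

# emit_ruleset <dport> addr:weight ... : complete script for `nft -c -f -`
# (check only) or `nft -f -` (apply). Only the first packet of a connection
# evaluates the dnat rule; conntrack translates the rest, replies included.
emit_ruleset() {
    printf 'add table ip nat\n'
    printf 'add chain ip nat prerouting { type nat hook prerouting priority -100; }\n'
    printf 'add chain ip nat postrouting { type nat hook postrouting priority 100; }\n'
    weighted_dnat_rule "$@"
    # Assumed: backends reached over a different path would answer the client
    # directly, bypassing conntrack; masquerading makes them answer this host.
    # Narrow this rule to the backend addresses in a real deployment.
    printf 'add rule ip nat postrouting masquerade\n'
}

emit_ruleset 80 192.168.10.100:6 192.168.20.200:4
```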

consistent distribution

This method uses the nftables internal hashing mechanism, so packets that hash to the same value are always sent to the same backend.

% nft add rule x y dnat to jhash ip saddr . tcp dport mod 2 map { \
                0 : 192.168.20.100, \
                1 : 192.168.30.100 }