Difference between revisions of "Load balancing"

From nftables wiki
(add some bits about stateless load balancing)
Revision as of 17:55, 14 June 2017

Since nftables v0.7, there is support in place to perform NAT load balancing.

Don't forget the special NAT chain semantics: only the first packet of a connection evaluates the rule; follow-up packets rely on conntrack to apply the NAT information.

Round Robin

This method uses the nftables number generator.

The example below distributes new connections in a round-robin fashion between 192.168.10.100 and 192.168.20.200.

% nft add rule nat prerouting dnat to numgen inc mod 2 map { \
               0 : 192.168.10.100, \
               1 : 192.168.20.200 }

You can also emulate flow distribution with different backend weights using intervals:

% nft add rule nat prerouting dnat to numgen inc mod 10 map { \
               0-5 : 192.168.10.100, \
               6-9 : 192.168.20.200 }
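As an added example (not code from the nftables wiki), the small model below derives the interval map that `numgen inc mod N` needs from per-backend weights, renders the rule in the form shown above, and replays the counter to check the share each backend receives; the 60/40 weights are constructed for illustration.

```python
# Added example, not part of the nftables wiki: build the weighted interval map
# for "numgen inc mod N", render the rule, and model the counter's behaviour.
from collections import Counter


def weighted_intervals(weights):
    """Map {backend: weight} to (lo, hi, backend) intervals covering
    0..sum(weights)-1, which is the value range of 'numgen inc mod sum'."""
    intervals, lo = [], 0
    for backend, weight in weights.items():  # dict order is insertion order
        if weight <= 0:
            raise ValueError(f"weight for {backend} must be positive")
        intervals.append((lo, lo + weight - 1, backend))
        lo += weight
    return intervals


def dnat_rule(weights, chain="nat prerouting"):
    """Render the rule as on the wiki; 'lo-hi' collapses to 'lo' when the
    interval holds a single value (the plain round-robin case)."""
    modulus = sum(weights.values())
    parts = []
    for lo, hi, backend in weighted_intervals(weights):
        key = f"{lo}" if lo == hi else f"{lo}-{hi}"
        parts.append(f"{key} : {backend}")
    return f"nft add rule {chain} dnat to numgen inc mod {modulus} map {{ {', '.join(parts)} }}"


def simulate(weights, new_connections):
    """numgen inc is a per-rule counter that advances on each rule evaluation,
    i.e. once per new connection in a NAT chain. Return hits per backend."""
    intervals = weighted_intervals(weights)
    modulus = sum(weights.values())
    hits = Counter()
    for counter in range(new_connections):
        value = counter % modulus
        backend = next(b for lo, hi, b in intervals if lo <= value <= hi)
        hits[backend] += 1
    return dict(hits)


if __name__ == "__main__":
    weights = {"192.168.10.100": 6, "192.168.20.200": 4}  # constructed 60/40 split
    print(dnat_rule(weights))
    print(simulate(weights, 1000))  # {'192.168.10.100': 600, '192.168.20.200': 400}
```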

The distribution can be based on ports as well:

% nft add rule nat prerouting ip protocol tcp dnat to 192.168.1.100 : numgen inc mod 2 map { \
               0 : 4040 , \
               1 : 4050 }

Consistent Hash-based Distribution

This method uses the nftables internal hashing mechanisms: the backend is chosen by hashing packet fields, so every new connection with the same source address and destination port maps to the same backend.

% nft add rule x y dnat to jhash ip saddr . tcp dport mod 2 map { \
                0 : 192.168.20.100, \
                1 : 192.168.30.100 }

Using stateless NAT

Although uncommon, you can also perform load balancing with stateless NAT, using either of the two mechanisms above (round robin and consistent hash-based distribution).

Example using round robin:

% nft add rule t c ip protocol tcp ip daddr set 192.168.1.100 \
                   tcp dport set numgen inc mod 2 map { 0 : 4040 , 1 : 4050 }

Using Direct Server Return (DSR)

TODO.