# [SOLVED-ish] proxy load balancing

## cach0rr0

So, just testing the waters a bit as this is unfamiliar territory for me. 

I've seen loads of freebie packages out there that seem to hint at the idea I should be able to do this with any of my existing Gentoo boxen, but I can't make heads or tails of what's out there that's actually relevant. 

Example scenario:

One machine to act as a load balancer, has a single NIC, distributing traffic between let's say, a half dozen proxies. 

None of these proxies are on the same LAN as the load balancer, though the pipe between the two is exceptionally large, with minimal latency.

I'm only in the initial phases of my reading/testing, but if anyone has any suggestions of what packages I should look at, it would save me a fair bit of time trying to sift through cruft. 

Thus far I've done a bit of reading on:

- haproxy
- ldirectord + heartbeat

Eventually, yes, I will be clustering these load balancers, but for the time being it's more of a "proof of concept" type deal, to see if I can get the performance I need from FOSS, or if I have to fork over the cash for something like Zeus. 

Any advice, proddings, or pointers appreciated.

EDIT: Part of the problem I'm finding with the docs out there is that all of them assume you have multiple NICs, with two load balancers in the same physical network as each other, as well as both load balancers in the same physical network as the so-called "real servers". For example: http://www.redhat.com/support/resources/howto/piranha/example-layout.html

I don't. I have a single NIC, and I want, say, port 8080 traffic on the load balancer's IP, x.x.x.x, to be distributed evenly between a.a.a.a:8080, b.b.b.b:8080, c.c.c.c:8080, and so forth, where a.a.a.a b.b.b.b c.c.c.c are all public IPs, and x.x.x.x is a public IP.

I think all of these docs just *assume* you're going to have two load balancers for redundancy's sake. Which, yes, is ideal, but when you're doing a proof of concept, not always feasible. If I can prove we can do this with just the one server, then I can easily procure another server and have both at my disposal - such is the catch-22.

----------

## feystorm

You can do this with one NIC, and without your boxes on the same LAN. The software you want to use is ldirectord. Heartbeat is not needed if you only have 1 balancer. However, if you want High Availability (failover), then you do. However, heartbeat has been discontinued in favor of corosync + pacemaker (heartbeat development has ceased).

I don't know where the ldirectord utility is in portage (we use it at work, but we have Red Hat there). If I had to guess, it's probably in the heartbeat package, even though it really shouldn't be since heartbeat is dead, and neither one has any sort of dependency on the other. You could get away with just ipvsadm (and there is a package called ipvsadm). Ldirectord is just a front end to ipvsadm that detects when a host goes down and removes it from the pool.

Anyway, once you get ldirectord installed, just set up your service using masq rules. It's pretty straightforward and simple.

Edit: difference between ldirector/ipvsadm and other tools is that ldirector has minimal overhead. Other utilities made specifically for things like web browsing operate on the application layer and must know how to speak http, ftp, socks, etc. ldirector/ipvsadm operates on the transport layer and only needs to know how to speak tcp or udp. Plus the actual work of balancing the connections is done by the kernel, not an application. ipvsadm is just the control utility.

Last edited by feystorm on Thu Jun 16, 2011 1:02 am; edited 1 time in total
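The masq setup described in this post, written as the plain ipvsadm rules that ldirectord would otherwise manage; this is an added example, not part of the original post, and it prints the commands instead of running them. The addresses are constructed documentation-range placeholders for x.x.x.x and the proxies. The `net.ipv4.vs.conntrack` and iptables lines are an assumption about this topology: in masq mode replies must return through the balancer, so with proxies on other networks the balancer also has to source-NAT.

```shell
#!/bin/sh
# Added example: print (not run) IPVS masq rules for one virtual service.
# All addresses below are constructed documentation-range placeholders.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# ipvs_rules VIP PORT REAL...: print commands for a round-robin TCP service
# in masq (NAT) mode, one real server per argument, all on the same PORT.
ipvs_rules() {
    [ "$#" -ge 3 ] || { echo "usage: ipvs_rules VIP PORT REAL..." >&2; return 1; }
    vip=$1; port=$2; shift 2
    valid_ipv4 "$vip" || { echo "bad VIP: $vip" >&2; return 1; }
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    for real in "$@"; do
        valid_ipv4 "$real" || { echo "bad real server: $real" >&2; return 1; }
    done
    # Assumption: proxies are not routed via this box, so let IPVS connections
    # be tracked and source-NATed to make replies come back through it.
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "sysctl -w net.ipv4.vs.conntrack=1"
    echo "ipvsadm -A -t $vip:$port -s rr"                     # virtual service
    for real in "$@"; do
        echo "ipvsadm -a -t $vip:$port -r $real:$port -m -w 1"  # -m = masq
    done
    echo "iptables -t nat -A POSTROUTING -m ipvs --vproto tcp --vaddr $vip --vport $port -j MASQUERADE"
}

# Constructed sample in the thread's layout: one VIP, port 8080, three proxies.
ipvs_rules 192.0.2.10 8080 198.51.100.11 203.0.113.12 203.0.113.13
```

Because of the source NAT, each proxy sees the balancer's address as the client, so per-client ACLs and access logs on the proxies no longer carry the original source IP. Raw ipvsadm rules also do no health checking; removing a dead proxy from the pool is the part ldirectord adds.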

----------

## skunk

I don't know about load balancing proxies, but I have deployed www-servers/pound for load balancing web servers for many years; it's easy to set up and really flexible...

----------

## cach0rr0

*feystorm wrote:*

> I don't know where the ldirectord utility is in portage (we use it at work, but we have Red Hat there). If I had to guess, it's probably in the heartbeat package, even though it really shouldn't be since heartbeat is dead, and neither one has any sort of dependency on the other. You could get away with just ipvsadm (and there is a package called ipvsadm). Ldirectord is just a front end to ipvsadm that detects when a host goes down and removes it from the pool.
>
> Anyway, once you get ldirectord installed, just set up your service using masq rules. It's pretty straightforward and simple.
> ...


Aye, there's a USE for ldirectord if you merge heartbeat

*feystorm wrote:*

> Edit: difference between ldirector/ipvsadm and other tools is that ldirector has minimal overhead. Other utilities made specifically for things like web browsing operate on the application layer and must know how to speak http, ftp, socks, etc. ldirector/ipvsadm operates on the transport layer and only needs to know how to speak tcp or udp. Plus the actual work of balancing the connections is done by the kernel, not an application. ipvsadm is just the control utility.

Aye, I've got this more or less set up for the time being, at the moment trying to fight my way through a Cisco ASA and get that opened up. Everything's started up, just need to get the bloody ASA to forward ports so I can test.

I'm in a holding pattern 'til I get that sorted, but I think I have enough to go on for the time being. 

Thanks again to all for the input. I'll flag this as solved since there's no point in it taking up space while I'm fighting with Cisco nonsense.

----------

