

Load balancing

1,061 bytes added, 11:36, 18 July 2013
* Internet failover
It's most commonly used to forward traffic to multiple servers with load distribution and health checking. This functionality can, with some generalization, be divided into layer 3 (called redirects) and layer 4+ (called relays). They are configured in much the same way, but have some striking technical differences. Both the redirects and relays are sometimes referred to as "virtual servers" in other products.
=== Check and distribution methods ===
The following methods can be used to check the health of a host.
* <tt>http ... code</tt>, HTTP(S) return code
* <tt>http ... digest</tt>, HTTP(S) response content
* <tt>send</tt>, raw data response to configurable request (possibly SSL)
* <tt>script</tt>, custom shell or Perl script
* <tt>ssl</tt>, SSL handshake
* <tt>tcp</tt>, TCP handshake
* <tt>icmp</tt>, ping
Traffic is distributed over the active hosts using one of the following methods. Persistence is sometimes provided by the distribution method itself; otherwise (for example, with least-states) it is provided by the source-tracking mechanism, if sticky-address is enabled.
* <tt>loadbalance</tt>, the source IP address of the client, and the IP address and port of the relay
* <tt>source-hash</tt>, the source IP address of the client
* <tt>hash</tt>, input fed from the protocol specification, for example HTTP headers and GET variables
* <tt>least-states</tt>, the host with the fewest active connections (firewall states)
* <tt>roundrobin</tt>
* <tt>random</tt>
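The following is an added example, not code from this product or from OpenBSD: a simplified Python model of why <tt>source-hash</tt> gives persistence on its own while <tt>least-states</tt> needs source tracking (sticky-address). The <tt>Balancer</tt> class, the SHA-256 stand-in hash, the addresses, and the choice to re-pick a host when the tracked one fails its health check are all assumptions made for illustration.

```python
import hashlib
from collections import Counter

POOL = ["10.0.0.1", "10.0.0.2", "10.0.0.3"]   # constructed sample hosts

def source_hash(client_ip, hosts):
    """Pick a host from the client's source IP only (stand-in hash, not pf's)."""
    digest = hashlib.sha256(client_ip.encode()).digest()
    return hosts[int.from_bytes(digest[:4], "big") % len(hosts)]

def least_states(states, hosts):
    """Pick the active host with the fewest tracked connections."""
    return min(hosts, key=lambda h: (states[h], h))

class Balancer:
    def __init__(self, hosts, method, sticky=False):
        self.hosts, self.method, self.sticky = list(hosts), method, sticky
        self.states = Counter()   # host -> connections opened (never closed here)
        self.src_track = {}       # client IP -> host (source-tracking table)

    def connect(self, client_ip, active=None):
        """Return the host for a new connection; 'active' = hosts passing checks."""
        up = [h for h in self.hosts if active is None or h in active]
        host = self.src_track.get(client_ip) if self.sticky else None
        if host not in up:        # no entry yet, or tracked host is down (model choice)
            if self.method == "source-hash":
                host = source_hash(client_ip, up)
            else:
                host = least_states(self.states, up)
            if self.sticky:
                self.src_track[client_ip] = host
        self.states[host] += 1
        return host

def hosts_seen(balancer, client_ip, other_clients, rounds=6):
    """Hosts one client lands on while other clients connect in between."""
    seen = set()
    for i in range(rounds):
        seen.add(balancer.connect(client_ip))
        balancer.connect(other_clients[i % len(other_clients)])
    return seen
```

Calling <tt>hosts_seen</tt> on a <tt>least-states</tt> balancer without <tt>sticky=True</tt> shows one client spread over every host, which breaks server-side sessions that are not shared between hosts.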
=== Layer 3 (redirects) ===