Documentation
Installation
You need pfil(4) in your kernel. Download the archive, decompress it and type 'make' in the drlb directory. On FreeBSD you can load the resulting module as is (kldload kmod/drlb.ko). NetBSD support is not finished yet.
Configuration
You then configure the load balancer with the drlbctl tool. A service is created when you add its first server and deleted when you remove its last server. Example:
To load-balance connections for the service 10.0.0.1 port 80:
drlbctl -A 10.0.0.1,80 172.16.0.1 # register service and add a real server (172.16.0.1)
drlbctl -A 10.0.0.1,80 172.16.0.2 # add a second server (172.16.0.2) to the service.
drlbctl -sv # print current configuration and statistics.
drlbctl -D 10.0.0.1,80 172.16.0.1 # remove this server
drlbctl -D 10.0.0.1,80 172.16.0.2 # remove this server and unregister the service.
When you register a service you can also set the hash table size, the scheduler and persistence. The hash size is given with -H N: the table has 2^N entries. Persistence is enabled with -p: the load balancer then ignores the source port of incoming connections, so all connections from one client IP are sent to the same server (useful for SSL, for example). The scheduler is given after the server IP: lc for least-connections, rr for round-robin; wlc and wrr are the weighted versions of the same schedulers.
drlbctl -H 18 -A 10.0.0.1,80 172.16.0.1 lc # 2^18 hash and least-connections sched.
You can also give a server weight after the server IP (and before the scheduler). The scheduler can be changed at any time after the service has been created, but the hash table size and persistence cannot.
drlbctl -S 10.0.0.1,80 wlc # change to weighted-least-connections sched.
You can stop a server from receiving new connections with -i (inactive) and allow it again with -a (active). The syntax is the same as for adding or removing a server:
drlbctl -i 10.0.0.1,80 172.16.0.1
Timeouts
Once a service has been created you can set how long its connections are kept. There are three timeouts:
* SYN: used when the client only sends a SYN and nothing else; it bounds how long half-open connections occupy the table, which limits the damage of a SYN flood.
* ESTABLISHED: used when a connection is never closed by the client.
* CLOSED: used once a connection has been marked inactive; this is how long it stays in the hash table before being dropped.
The SYN and ESTABLISHED timeouts are per service; the CLOSED timeout is shared by all services.
drlbctl -T 10.0.0.1,80 4 120 90 # SYN 4 s, ESTABLISHED 120 s; the CLOSED value (90 s) applies to every service.
Clone
The last action is adding a second IP to an existing service: the 'clone' command. Useful when a service has two (or more) IPs with the same servers behind them. Remember that the hash table cannot be grown afterwards, so size it for the extra traffic when you create the service.
drlbctl -C 10.0.0.1,80 10.0.0.2 # register a second ip for service 10.0.0.1
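The whole provisioning sequence above (register with -H and -p, servers with weights and a scheduler, -T timeouts, -C clones) as one POSIX sh script. This is an added example, not part of drlb: it only emits the drlbctl invocations documented above, validates the arguments before touching the kernel table, and has a dry-run mode so the generated commands can be reviewed first. One assumption is made beyond the page: -p is placed before -A in the same position as -H.

```shell
#!/bin/sh
# drlb-setup.sh: provision one drlb service end to end with drlbctl.
# Added example, not part of drlb. It only emits the drlbctl invocations
# described in the documentation (-H, -p, -A with weight and scheduler,
# -T, -C). Assumption: -p goes before -A, in the same position as -H.
# Run with no arguments it only defines the functions (see usage below).
set -eu

DRLBCTL="${DRLBCTL:-drlbctl}"    # control tool to run
DRLB_DRYRUN="${DRLB_DRYRUN:-0}"  # 1 = print the commands instead of running them

# drlb ARGS...: run (or, in dry-run mode, print) one drlbctl invocation.
drlb() {
    if [ "$DRLB_DRYRUN" = 1 ]; then
        printf '%s\n' "$DRLBCTL $*"
    else
        "$DRLBCTL" "$@"
    fi
}

# is_ipv4 ADDR: succeed if ADDR is a dotted quad with octets 0..255.
is_ipv4() {
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*) return 1;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# check_service SPEC: succeed if SPEC has the IP,PORT form drlbctl expects.
check_service() {
    case $1 in *,*) ;; *) return 1;; esac
    ip=${1%,*}; port=${1#*,}
    is_ipv4 "$ip" || return 1
    case $port in ''|*[!0-9]*) return 1;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# check_sched NAME: succeed for the four schedulers drlbctl knows.
check_sched() {
    case $1 in rr|lc|wrr|wlc) ;; *) return 1;; esac
}

# setup_service SERVICE SCHED SERVER[:WEIGHT]...
# Optional variables:
#   HASHBITS  hash table size as a power of two (-H); fixed at creation
#   PERSIST   set to 1 for per-client persistence (-p); fixed at creation
#   TIMEOUTS  "SYN ESTABLISHED CLOSED" seconds for -T
#   CLONES    extra IPs for the same service (-C); size HASHBITS for them
setup_service() {
    svc=$1; sched=$2; shift 2
    check_service "$svc" || { echo "bad service spec: $svc" >&2; return 1; }
    check_sched "$sched" || { echo "unknown scheduler: $sched" >&2; return 1; }
    [ $# -ge 1 ] || { echo "need at least one server" >&2; return 1; }

    opts=                                  # flags only the creating -A honours
    if [ -n "${HASHBITS:-}" ]; then opts="-H $HASHBITS"; fi
    if [ -n "${PERSIST:-}" ]; then opts="$opts -p"; fi

    first=1
    for entry in "$@"; do
        srv=${entry%%:*}
        weight=${entry#*:}
        if [ "$weight" = "$entry" ]; then weight=; fi
        is_ipv4 "$srv" || { echo "bad server address: $srv" >&2; return 1; }
        case $weight in *[!0-9]*) echo "bad weight: $weight" >&2; return 1;; esac
        if [ "$first" = 1 ]; then
            # The first -A creates the service: -H/-p, then server,
            # optional weight, scheduler ($opts and $weight split on purpose).
            drlb $opts -A "$svc" "$srv" $weight "$sched"
            first=0
        else
            drlb -A "$svc" "$srv" $weight
        fi
    done

    if [ -n "${TIMEOUTS:-}" ]; then
        drlb -T "$svc" $TIMEOUTS           # SYN, ESTABLISHED, CLOSED in seconds
    fi
    for c in ${CLONES:-}; do
        is_ipv4 "$c" || { echo "bad clone address: $c" >&2; return 1; }
        drlb -C "$svc" "$c"
    done
}

# Usage: HASHBITS=18 PERSIST=1 TIMEOUTS="4 120 90" CLONES="10.0.0.2" \
#            ./drlb-setup.sh 10.0.0.1,80 wlc 172.16.0.1:3 172.16.0.2:1
if [ $# -gt 0 ]; then
    setup_service "$@"
fi
```

Run it once with DRLB_DRYRUN=1 to see the exact drlbctl lines it would issue; the order matters because -H and -p are only honoured on the -A that creates the service, and -T and -C only work once it exists.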
Stats
You can give a number X after drlbctl -s [-v] [-h] [-n] X to have it print the data every X seconds. Alternatively, use -t instead of -s to see traffic (add -h for a more readable display).
Sharing (version 0.9)
You can give an IP and port to which connection openings and closings are sent, in order to share the connection hash table with a second load balancer:
drlbctl -b 192.168.0.1,10179 1122
The number after the address is a key that must be the same on both load balancers. It is only a simple protection against stray packets, not authentication: anyone who can send packets to that port with the right key can insert or remove entries in the connection table, so carry the sharing traffic on a dedicated or firewalled link between the two machines.
lbdyn
lbdyn is a small daemon that monitors your servers and marks them inactive or active. All of its configuration comes from a file. Start it with: lbdyn -f <configuration_file>
Add -d to keep it in the foreground and print messages on the console.
In future releases, lbdyn will adjust server weights according to server load.
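The following POSIX sh script shows what a monitor like lbdyn has to do with the -i and -a flags: probe each real server, and mark it inactive or active only on a state change, with a few consecutive probes required before flipping so that one lost probe does not take a server out of rotation. It is an added example, not lbdyn itself; it does not read lbdyn's configuration file. It assumes the real servers listen on the service port and that nc(1) supports -z and -w as the BSD netcat does; the probe function and a dry-run mode are overridable so it can be exercised without the kernel module.

```shell
#!/bin/sh
# drlb-watch.sh: probe the real servers behind a drlb service and mark them
# inactive (-i) or active (-a) as they fail or recover.
# Added example, not lbdyn itself: it does not read lbdyn's configuration
# file and uses only the drlbctl -i / -a flags from the documentation.
# Assumptions: the real servers listen on the service port, and nc(1)
# supports -z (scan) and -w (timeout) as the BSD netcat does.
set -eu

DRLBCTL="${DRLBCTL:-drlbctl}"
DRLB_DRYRUN="${DRLB_DRYRUN:-0}"         # 1 = print drlbctl commands instead of running
PROBE="${PROBE:-tcp_probe}"             # probe function, called as: PROBE HOST PORT
PROBE_TIMEOUT="${PROBE_TIMEOUT:-2}"     # seconds nc waits for the connect
FAIL_LIMIT="${FAIL_LIMIT:-3}"           # consecutive failures before -i
OK_LIMIT="${OK_LIMIT:-2}"               # consecutive successes before -a
STATEDIR="${STATEDIR:-/var/run/drlb-watch}"  # one "state streak" file per server

# drlb ARGS...: run (or, in dry-run mode, print) one drlbctl invocation.
drlb() {
    if [ "$DRLB_DRYRUN" = 1 ]; then printf '%s\n' "$DRLBCTL $*"; else "$DRLBCTL" "$@"; fi
}

# tcp_probe HOST PORT: succeed if a TCP connect to HOST:PORT completes.
tcp_probe() {
    nc -z -w "$PROBE_TIMEOUT" "$1" "$2" >/dev/null 2>&1
}

# update_server SERVICE SERVER OK: fold one probe result (OK=0 good, 1 bad)
# into the server's recorded state. drlbctl is called only on an up->down
# or down->up transition, and only after FAIL_LIMIT / OK_LIMIT consecutive
# probes that contradict the current state, so the server does not flap.
update_server() {
    svc=$1; srv=$2; ok=$3
    f="$STATEDIR/$svc-$srv"
    state=up; streak=0                  # servers start active, as drlbctl -A adds them
    if [ -r "$f" ]; then read -r state streak < "$f"; fi
    if [ "$ok" = 0 ] && [ "$state" = down ]; then
        streak=$((streak + 1))
        if [ "$streak" -ge "$OK_LIMIT" ]; then
            drlb -a "$svc" "$srv"; state=up; streak=0
        fi
    elif [ "$ok" != 0 ] && [ "$state" = up ]; then
        streak=$((streak + 1))
        if [ "$streak" -ge "$FAIL_LIMIT" ]; then
            drlb -i "$svc" "$srv"; state=down; streak=0
        fi
    else
        streak=0                        # probe agrees with the current state
    fi
    printf '%s %s\n' "$state" "$streak" > "$f"
}

# check_once SERVICE SERVER...: probe every server once and update its state.
# The probe port is taken from the SERVICE spec (IP,PORT).
check_once() {
    service=$1; port=${service#*,}; shift
    for s in "$@"; do
        if "$PROBE" "$s" "$port"; then ok=0; else ok=1; fi
        update_server "$service" "$s" "$ok"
    done
}

# Usage: ./drlb-watch.sh SERVICE INTERVAL SERVER...
#        ./drlb-watch.sh 10.0.0.1,80 5 172.16.0.1 172.16.0.2
if [ $# -gt 0 ]; then
    service=$1; interval=$2; shift 2
    mkdir -p "$STATEDIR"
    while :; do
        check_once "$service" "$@"
        sleep "$interval"
    done
fi
```

Because -i only stops new connections from being scheduled to a server, existing connections on a failed server are left to the ESTABLISHED timeout; a monitor like this shortens the window during which new clients are sent to a dead server, nothing more.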
[To be continued...]