
performance NAT versus DR ?

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: performance NAT versus DR ?
From: Alois Treindl <alois@xxxxxxxx>
Date: Sun, 28 Jan 2001 00:38:36 +0100
Hi

I will be setting up an LVS with one director, 100 mbit Internet connection, and four web servers.

I want to use the director also as a packet filtering firewall, with two interfaces.
I have not enough funds and see no real need for an extra "real" firewall.

As far as I understand it, DR would not have a performance advantage in that case over NAT, because all outgoing packets from the realservers still have to pass the director/firewall.

To route the return packets around the director directly to the internet router, using two interfaces on each realserver, seems to introduce new security risks.

Am I correct in the assumption that NAT and DR have essentially the same performance in that situation? If yes, I will choose NAT because it is simpler to set up.

The director will be a 800 Mhz Pentium III with 256 or 512 mb, which I assume is fast enough to saturate my 100 mhz line.

I would appreciate a comment, even when I have not yet set up a test cluster - I would be unable to make a performance test anyway, and the answer is important for purchasing the correct hardware (one or two ethernet interfaces on the realservers, for example, and speed and memory size on the director).

I have read the (excellent!!!) HOWTO and mini-HOWTO, but they are not clear on this point. The potential performance problem with NAT is discussed, but not for DR in a configuration with a dual-interface director. It is mentioned that a DR cluster will also have performance penalties when the return path goes through the director, but no comparison with NAT performance is made.


-- 
|| Alois Treindl,  Astrodienst AG,  mailto:alois@xxxxxxxxx
|| Zollikon/Zurich, Switzerland

