Hi!
On Mon, 06 Feb 2006, Roberto Nibali wrote:
> > The problem has been solved. It's something related to iptables.
>
> As expected, it's netfilter and the connection tracking. If you want
> high performance load balancing, do _not_ use netfilter; especially the
> connection tracking. It just does not scale. Simply loading ip_conntrack
> into the kernel makes your packet rate drop by 60 kpps on a 1Gbit/s
> connection.
What I wonder is this: if I use conntracking in a DR setup in the
INPUT and OUTPUT chains *only*, would this affect the ipvs
performance adversely? Converting to non-conntracking iptables
rules would be nearly impossible or at least a huge PITA, so I'd
rather not drop conntracking for the *local* connections to the
director. I do not need packet filtering for the balanced
connections.
If I understand this:
http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.filter_rules.html
correctly, iptables conntracking wouldn't affect balanced packets
anyway, so it shouldn't affect performance, right?
I'd be glad if someone could shed a bit of light on this.
Regards,
Tobias
--
You don't need eyes to see, you need vision.