load balancing with nftables
play

Load Balancing with nftables by Laura Garca (Zen Load Balancer Team) - PowerPoint PPT Presentation

Jan 02, 2023 •897 likes •1.31k views

Load Balancing with nftables by Laura Garca (Zen Load Balancer Team) Netdev 1.1 Prototype of Load Balancing with nftables Goal: High Performance Load Balancer Load Balancing Solutions Load Balancing Solutions Linux Virtual Server

  1. Load Balancing with nftables by Laura García (Zen Load Balancer Team) Netdev 1.1

  2. Prototype of Load Balancing with nftables

  3. Goal: High Performance Load Balancer

  4. Load Balancing Solutions

  5. Load Balancing Solutions Linux Virtual Server iptables nftables

  6. Load Balancing Solutions - LVS ● Feature complete & versatile schedulers ● Several forwarding methods ● Integrated health checks ● Built on top of netfilter ● Mostly kernel code base

  7. Load Balancing Solutions - iptables ● Schedulers based on xtables extensions ● SNAT and DNAT as forwarding methods ● Mark packets and forwarding ● Backend health checks from user space

  8. Load Balancing Solutions - iptables pkt user space kernel space prerouting mangle ruleset mng & iptables health daemon prerouting nat load balancer check_ping, check_tcp, check_http, ... BACKEND 0 BACKEND 1 (1st Approach)

  9. Load Balancing Solutions - nftables ● Using nftables infrastructure ○ nft libraries ○ nftables VM & its instructions ● Dynamic and atomic rules ● No marking packets needed ● Several forwarding methods

  10. Load Balancing Solutions - nftables pkt user space kernel space ruleset mng & prerouting nat health daemon nftables script load balancer check_ping, check_tcp, check_http, ... BACKEND 0 BACKEND 1

  11. Features to accomplish

  12. Features to accomplish Schedulers round robin, weight, least connections

  13. Features to accomplish Persistence Source IP

  14. Features to accomplish Forwarding methods SNAT, DNAT

  15. Features to accomplish Health checks Backend monitoring in user space at different levels

  16. Features to accomplish Good Integration QoS, filtering

  17. Use Cases

  18. Use Cases Round Robin Load Balancing with LVS ipvsadm -A -t 192.168.0.40:80 -s rr ipvsadm -a -t 192.168.0.40:80 -r 192.168.100.10:80 -m ipvsadm -a -t 192.168.0.40:80 -r 192.168.100.11:80 -m pkt 192.168.0.40:80 LB 192.168.100.10:80 BACKEND 0 192.168.100.11:80 BACKEND 1

  19. Use Cases Round Robin Load Balancing with IPT iptables -t nat -A PREROUTING -m statistic --mode nth --every 2 --packet 0 -d 192.168.0.40 -p tcp --dport 80 -j DNAT --to-destination 192.168.100.10:80 iptables -t nat -A PREROUTING -m statistic --mode nth --every 2 --packet 1 -d 192.168.0.40 -p tcp --dport 80 -j DNAT --to-destination 192.168.100.11:80 pkt 192.168.0.40:80 LB 192.168.100.10:80 BACKEND 0 192.168.100.11:80 BACKEND 1

  20. Use Cases Round Robin Load Balancing with NFT table ip lb { chain prerouting { type nat hook prerouting priority 0; policy accept; ip daddr 192.168.0.40 tcp dport http dnat nth 2 map { 0: 192.168.100.10, pkt 1: 192.168.100.11 192.168.0.40:80 } LB } } 192.168.100.10:80 BACKEND 0 192.168.100.11:80 BACKEND 1

  21. Use Cases Weight Load Balancing with LVS ipvsadm -A -t 192.168.0.40:80 -s wrr ipvsadm -a -t 192.168.0.40:80 -r 192.168.100.10:80 -m -w 100 ipvsadm -a -t 192.168.0.40:80 -r 192.168.100.11:80 -m -w 50

  22. Use Cases Weight Load Balancing with IPT iptables -t nat -A PREROUTING -m statistic --mode random --probability 1 \ -d 192.168.0.40 -p tcp --dport 80 -j DNAT --to-destination 192.168.100.10:80 iptables -t nat -A PREROUTING -m statistic --mode random --probability 0.33 \ -d 192.168.0.40 -p tcp --dport 80 -j DNAT --to-destination 192.168.100.11:80

  23. Use Cases Weight Load Balancing with NFT table ip lb { chain prerouting { type nat hook prerouting priority 0; policy accept; ip daddr 192.168.0.40 tcp dport http dnat random upto 100 map { 0-66: 192.168.100.10, 67-99: 192.168.100.11 } } }

  24. Use Cases Weight Load Balancing Multiport with LVS iptables -A PREROUTING -t mangle -d 192.168.0.40 -p tcp -m multiport \ --dports 80,443 -j MARK --set-mark 1 ipvsadm -A -f 1 -s wrr ipvsadm -a -f 1 -r 192.168.100.10:0 -m -w 100 ipvsadm -a -f 1 -r 192.168.100.11:0 -m -w 50

  25. Use Cases Weight Load Balancing Multiport with IPT iptables -t nat -A PREROUTING -m statistic --mode random --probability 1 \ -d 192.168.0.40 -p tcp -m multiport --dports 80,443 -j DNAT \ --to-destination 192.168.100.10 iptables -t nat -A PREROUTING -m statistic --mode random --probability 0.33 \ -d 192.168.0.40 -p tcp -m multiport --dports 80,443 -j DNAT \ --to-destination 192.168.100.11

  26. Use Cases Weight Load Balancing Multiport with NFT table ip lb { chain prerouting { type nat hook prerouting priority 0; policy accept; ip daddr 192.168.0.40 tcp dport { http,https } dnat random upto 100 map { 0-66: 192.168.100.10, 67-99: 192.168.100.11 } } }

  27. Use Cases Weight LB IP persistence with LVS ipvsadm -A -t 192.168.0.40:80 -s wrr -p 300 ipvsadm -a -t 192.168.0.40:80 -r 192.168.100.10:80 -m -w 100 ipvsadm -a -t 192.168.0.40:80 -r 192.168.100.11:80 -m -w 50

  28. Use Cases Weight LB IP persistence with IPT iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark iptables -t mangle -A PREROUTING -m statistic --mode random --probability 1 \ -d 192.168.0.40 -p tcp --dport 80 -j MARK --set-xmark 1 iptables -t mangle -A PREROUTING -m statistic --mode random --probability 0.33 \ -d 192.168.0.40 -p tcp --dport 80 -j MARK --set-xmark 2 iptables -t mangle -A PREROUTING -m recent --name "mark1_list" --rcheck --seconds 120 \ -d 192.168.0.40 -p tcp --dport 80 -j MARK --set-xmark 1 iptables -t mangle -A PREROUTING -m recent --name "mark2_list" --rcheck --seconds 120 \ -d 192.168.0.40 -p tcp --dport 80 -j MARK --set-xmark 2 iptables -t mangle -A PREROUTING -m state --state NEW -j CONNMARK --save-mark iptables -t nat -A PREROUTING -m mark --mark 1 -j DNAT -p tcp \ --to-destination 192.168.100.10:80 -m recent --name "mark1_list" --set iptables -t nat -A PREROUTING -m mark --mark 2 -j DNAT -p tcp \ --to-destination 192.168.100.11:80 -m recent --name "mark2_list" --set

  29. Use Cases Weight LB IP persistence with NFT table ip lb { map dnat-cache { type ipv4_addr : ipv4_addr; timeout 120s; } chain cache-done { dnat ip saddr map @dnat-cache } chain prerouting { type nat hook prerouting priority 0; policy accept; ip saddr @dnat-cache goto cache-done ip daddr 192.168.0.40 tcp dport http dnat random upto 100 map { 0-66: 192.168.100.10, 67-99: 192.168.100.11 } map dnat-cache add { ip saddr : ip daddr } } }

  30. Use Cases Weighted Least Connections with NFT pkt user space kernel space weighted ruleset nftables mng & script health prerouting nat daemon established conns conntrack load balancer check_ping, check_tcp, check_http, ... BACKEND 0 BACKEND 1

  31. Use Cases Weighted Least Response with NFT pkt user space kernel space weighted ruleset nftables mng & script health prerouting nat daemon t 0 t 1 load balancer check_ping, check_tcp, check_http, ... BACKEND 0 BACKEND 1

  32. Use Cases Weighted Least CPU Load with NFT pkt user space kernel space weighted ruleset nftables mng & script health prerouting nat daemon load balancer check_ping, check_snmp(cpu) check_tcp, check_http, ... BACKEND 0 BACKEND 1

  33. Work to do

  34. Work to do Implement some native functions in nftables random, nth, maps enhancements

  35. Work to do Daemon nft-lbd health checks support, dynamic weight (least connections, least response, etc.)

  36. Conclusions

  37. Conclusions Simplify kernel infrastructure Move complexity to User Space

  38. Conclusions Consolidate kernel development Avoid duplicated work, better maintenance, native LB support

  39. Conclusions Unique API for networking handling nftables

  40. Questions? Thank you! Load Balancing with nftables Laura García (Zen Load Balancer Team) lauragl@sofintel.net

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Load Balancing Load Balancing Load balancing: distributing data and/or computations across

Load Balancing Load Balancing Load balancing: distributing data and/or computations across

Load Balancing Load Balancing Load balancing: distributing data and/or computations across multiple processes to maximize efficiency for a parallel program. Static load-balancing: the algorithm decides a priori how to divide the workload.

444 views • 27 slides
Epidemic Algorithm for Load Balancing Harshitha Menon, Laxmikant Kal e 15th April 1 / 25

Epidemic Algorithm for Load Balancing Harshitha Menon, Laxmikant Kal e 15th April 1 / 25

Load Balancing Epidemic Algorithm for Load Balancing Harshitha Menon, Laxmikant Kal e 15th April 1 / 25 Load Balancing Outline 1 Introduction Motivation Background Load Balancing Strategies 2 Distributed Load Balancing Information

476 views • 37 slides
Internal Load Balancing in 5 mins Deliver scalable and resilient internal-only services on GCP

Internal Load Balancing in 5 mins Deliver scalable and resilient internal-only services on GCP

Internal Load Balancing in 5 mins Deliver scalable and resilient internal-only services on GCP Google Cloud Load Balancing HTTP(S) Load SSL proxy Global Balancing Network TCP/UDP Internal TCP/UDP Regional Load Balancing Load Balancing

538 views • 18 slides
Load Balancing in Ceph: Load Balancing With Pseudorandom Placement Esteban Molina-Estolano,

Load Balancing in Ceph: Load Balancing With Pseudorandom Placement Esteban Molina-Estolano,

Load Balancing in Ceph: Load Balancing With Pseudorandom Placement Esteban Molina-Estolano, Carlos Maltzahn, Scott Brandt University of California, Santa Cruz The Load Balancing Problem Pseudorandom placement for distributed storage

513 views • 12 slides
Dynamic Load Balancing in Dynamic Load Balancing in Charm+ + Charm+ + Abhinav S Bhatele

Dynamic Load Balancing in Dynamic Load Balancing in Charm+ + Charm+ + Abhinav S Bhatele

Dynamic Load Balancing in Dynamic Load Balancing in Charm+ + Charm+ + Abhinav S Bhatele Parallel Programming Lab, UIUC Outline Outline Dynamic Load Balancing framework in Charm+ + Measurement Based Load Balancing Examples:

473 views • 23 slides
L O A D B A L A N C I N G I S I M P O S S I B L E LOAD BALANCING IS IMPOSSIBLE Tyler McMullen

L O A D B A L A N C I N G I S I M P O S S I B L E LOAD BALANCING IS IMPOSSIBLE Tyler McMullen

L O A D B A L A N C I N G I S I M P O S S I B L E LOAD BALANCING IS IMPOSSIBLE Tyler McMullen tyler@fastly.com @tbmcmullen 2 SLIDE WHAT IS LOAD BALANCING? [DIAGRAM DESCRIBING LOAD BALANCING] [ALLEGORY DESCRIBING LOAD BALANCING] 6 SLIDE

774 views • 58 slides
Load Balancing and Termination Detection Load balancing used to distribute computations fairly

Load Balancing and Termination Detection Load balancing used to distribute computations fairly

Load Balancing and Termination Detection Load balancing used to distribute computations fairly across processors in order to obtain the highest possible execution speed. Termination detection detecting when a computation has been

545 views • 37 slides
1 1 Slide 5 Slide 6 Partitioning and Load Balancing Partitioning Goals Assignment of

1 1 Slide 5 Slide 6 Partitioning and Load Balancing Partitioning Goals Assignment of

Slide 2 Outline Tutorial: Partitioning, Load Balancing Part 1: and the Zoltan Toolkit Partitioning and load balancing Owner computes approach Static vs. dynamic partitioning Models and algorithms Geometric (RCB, SFC)

589 views • 25 slides
Load Balancing Load Balancing: Example Example Problem Consider 6 jobs whose processing times

Load Balancing Load Balancing: Example Example Problem Consider 6 jobs whose processing times

Load Balancing Load Balancing: Example Example Problem Consider 6 jobs whose processing times is given as follows Input: m identical machines, n jobs with i th job having processing time t i Jobs 1 2 3 4 5 6 Goal: Schedule jobs to

517 views • 7 slides
Adventures in Load Balancing at Scale: Successes, Fizzles, and Next Steps Rusty Lusk Mathematics

Adventures in Load Balancing at Scale: Successes, Fizzles, and Next Steps Rusty Lusk Mathematics

Adventures in Load Balancing at Scale: Successes, Fizzles, and Next Steps Rusty Lusk Mathematics and Computer Science Division Argonne National Laboratory Outline Introduction Two abstract programming models Load balancing and

538 views • 28 slides
Load Balancing Guardrails Keeping Your Heavy Traffic on the Road to Low Response Times Isaac

Load Balancing Guardrails Keeping Your Heavy Traffic on the Road to Low Response Times Isaac

Load Balancing Guardrails Keeping Your Heavy Traffic on the Road to Low Response Times Isaac Grosof (CMU) Ziv Scully (CMU) Mor Harchol-Balter (CMU) 1 Goal: Optimal Load Balancing Assumptions: Stochastic Arrivals Q1: How to Dispatcher

708 views • 26 slides
Deterministic Load Balancing and Dictionaries in the Parallel Disk Model Mette Berger, Esben

Deterministic Load Balancing and Dictionaries in the Parallel Disk Model Mette Berger, Esben

Deterministic Load Balancing and Dictionaries in the Parallel Disk Model Mette Berger, Esben Rune Hansen, Rasmus Pagh, Mihai P atras cu, zi Milan Ru c, and Peter Tiedemann Deterministic Load Balancing and Dictionariesin the Parallel

348 views • 16 slides
MP-HULA A Multipath Transport Layer Aware Datacenter Load Balancing Scheme Using Programmable

MP-HULA A Multipath Transport Layer Aware Datacenter Load Balancing Scheme Using Programmable

MP-HULA A Multipath Transport Layer Aware Datacenter Load Balancing Scheme Using Programmable Data Planes Cristian Hernandez Benet , Andreas J. Kassler, Theophilus Benson, Gergely Pongracz MP-HULA: A Transport Layer aware Load Balancing

541 views • 43 slides
Octavia OpenStack Load Balancing New Features Deep Dive OpenStack Summit - Denver Adam Harwell -

Octavia OpenStack Load Balancing New Features Deep Dive OpenStack Summit - Denver Adam Harwell -

May 2019 Octavia OpenStack Load Balancing New Features Deep Dive OpenStack Summit - Denver Adam Harwell - Train PTL - Verizon Media Carlos Goncalves - Red Hat Michael Johnson - Red Hat What is Octavia? Network Load Balancing as a Service for

1.25k views • 16 slides
Computing Load Aware and Long-View Load Balancing for Cluster Storage Systems Guoxin Liu,

Computing Load Aware and Long-View Load Balancing for Cluster Storage Systems Guoxin Liu,

Computing Load Aware and Long-View Load Balancing for Cluster Storage Systems Guoxin Liu, Haiying Shen and Haoyu Wang Holcombe Department of Electrical and Computer Engineering Clemson University Presented by Haoyu Wang Outline 1,

483 views • 19 slides
Parallel Programming and High-Performance Computing Part 6: Dynamic Load Balancing Dr.

Parallel Programming and High-Performance Computing Part 6: Dynamic Load Balancing Dr.

Technische Universitt Mnchen Parallel Programming and High-Performance Computing Part 6: Dynamic Load Balancing Dr. Ralf-Peter Mundani CeSIM / IGSSE Technische Universitt Mnchen 6 Dynamic Load Balancing Overview definitions

1.49k views • 52 slides
Efficient Management of Configura4ons in the Model-Based System

Efficient Management of Configura4ons in the Model-Based System

Efficient Management of Configura4ons in the Model-Based System Development of a Common Submarine Combat System 25 May 2011 Brandon C. Gibson MBSE Technical Lead Lockheed Martin

530 views • 24 slides
Country Update Singapore APRICOT 2005 Dickson Loh, Consultant 23 rd Feb 2005 ENUM

Country Update Singapore APRICOT 2005 Dickson Loh, Consultant 23 rd Feb 2005 ENUM

Country Update Singapore APRICOT 2005 Dickson Loh, Consultant 23 rd Feb 2005 ENUM Proof-of-Concept Obtained ENUM delegation (5.6.e164.arpa) from ITU in 2003 Internal Trial (Proof-of-Concept) on IP Telephony using ENUM with open source

978 views • 12 slides
Reminders 3 1 10/23/17 Registration Form Date Translated Entered in the Top 3 on A03

Reminders 3 1 10/23/17 Registration Form Date Translated Entered in the Top 3 on A03

10/23/17 Bilingual ESOL Department Quarterly ESOL Contact Meeting September 27, 2017 Agenda Reminders State/District Updates What needs to happen before October FTE? Resources 2 Reminders 3 1 10/23/17 Registration Form

476 views • 19 slides
Using Trusted Execution Environments in Two-Factor Authentication Roland van Rijswijk-Deij M.Sc.

Using Trusted Execution Environments in Two-Factor Authentication Roland van Rijswijk-Deij M.Sc.

Introduction Trusted Execution and Two-Factor Authentication User Interaction Discussion Conclusions and Future Work Using Trusted Execution Environments in Two-Factor Authentication Roland van Rijswijk-Deij M.Sc. rijswijk@cs.ru.nl

299 views • 14 slides
Extraordinary General M eeting Vard Holdings Limited 3 October 2013 European network for Health

Extraordinary General M eeting Vard Holdings Limited 3 October 2013 European network for Health

Extraordinary General M eeting Vard Holdings Limited 3 October 2013 European network for Health Technology Assessment | JA2 2012-2015 | www.eunethta.eu Background New M ajority Shareholder 23 January 2013: Fincantieri Oil & Gas

225 views • 10 slides
An integrated Solver Manager: useR! 2013 using R and Python for energy systems Emilio L. Cano

An integrated Solver Manager: useR! 2013 using R and Python for energy systems Emilio L. Cano

Energy Systems Planning An integrated Solver Manager: useR! 2013 using R and Python for energy systems Emilio L. Cano Introduction optimization Motivation DSS Solver Manager Architecture Components Emilio L. Cano 1 Antonio Alonso Ayuso 1

297 views • 28 slides
ER T: : J AV AVASCRIPT V ER CATION T OOL HAIN (P (POP OPL 18) ERIFICA OOLCHA W HAT IS J

ER T: : J AV AVASCRIPT V ER CATION T OOL HAIN (P (POP OPL 18) ERIFICA OOLCHA W HAT IS J

L OG OGIC - BA BASED V ER ERIFIC IFICATIO ION OF OF J AV AVA S CR CRIPT P RO ROGRAMS PET PETAR R MA MAKSIMO IMOVI I IMPERIAL COLLEGE LONDON WITH J OS F RAGOSO S ANTOS , P HILIPPA G ARDNER , D AIVA N AUDINIEN , AND T HOMAS W

385 views • 27 slides
The Intersection Between Performance Assessment and Project-Based Learning Justin Wells

The Intersection Between Performance Assessment and Project-Based Learning Justin Wells

The Intersection Between Performance Assessment and Project-Based Learning Justin Wells Driving Question(s) Deeper Learning How does performance assessment serve project- based learning? How does project-based learning serve

718 views • 53 slides

More recommend