netfilter/ipchains and massive web traffic
Nate Campi
nate@campin.net
Fri, 5 Oct 2001 14:22:39 -0700
On Fri, Oct 05, 2001 at 01:35:46PM -0700, Brad Chapman wrote:
> Mr. Nate, ;)
>
> --- Nate Campi <nate@campin.net> wrote:
> > On Fri, Oct 05, 2001 at 12:09:47PM -0700, Brad Chapman wrote:
> > > Mr. Campi,
> > >
> > > --- Nate Campi <nate@campin.net> wrote:
> > > > On Fri, Oct 05, 2001 at 10:05:39AM +0200, Patrick Schaaf wrote:
> > > > >
> > > > > - do you have good load distribution, so each server will see
> > > > > about the same share?
> > > >
> > > > We use load balancers that hold up under the load of Tripod and
> > > > Angelfire so they should hold up for this.
> > >
> > > Mr. Campi: Are you doing any Network Address Translation between the
> > > routers running your Internet connections and the routers running the load
> > > balancers? If not, then I have a small idea that could help you.....
> > >
> > > Brad
> >
> > No, we never put any caching or NAT in front of our services, just the
> > load balancers in front of web servers.
>
> Good! In about a day or two, I'll send you a patch to the connection
> tracking code which will allow you to select (in a rather crude fashion right now)
> what connections to track. Once the patch is in place, doing this command:
>
> iptables -t conntrack -A PREROUTING -p tcp --dport 80 -j NOTRACK
>
> will probably result in some significant speed gains. It'll take me a while
> to dig the patch out, compile-test it, and package it up. Will you be near
> the Internet routers tomorrow?
This cluster won't be up and running until Monday at the earliest. I
could start recompiling kernels at that time.
> >
> > Oh, and don't call me Mr Campi, I'm only 28, makes me feel old ;)
>
> See above ;). I do that to be as polite as possible.
No problem.
--
Nate Campi <nate@campin.net>
GnuPG key: 0xC17AEF79 http://www.campin.net
Suspicion always haunts the guilty mind.
-- Wm. Shakespeare