[OpenIndiana-discuss] Quick zone-networking question.

James Carlson carlsonj at workingcode.com
Wed Feb 13 19:25:46 UTC 2013

On 02/13/13 13:26, DormitionSkete at hotmail.com wrote:
> I was thinking to have our apache web server, email, and whatever other zones on one network card, and perhaps put our tomcat zone on the other, in my mind, to balance the load.  I was thinking since the web apps that we'll run on tomcat will be using ajax, it might like more bandwidth.
> I've always thought of networking like pipes of water -- except it's data.  I don't know how valid that is.  But when I look at this, it seems like I have two pipes going into the router, and if that pipe going from the router to the modem is the same size, I wouldn't really get any benefit from doing this.
> Am I right?  Should I not bother using both network cards like this?

"It depends."

There are a number of ways that this sort of configuration can work.

If the router device supports IEEE 802.3ad link aggregation, then that's
probably the simplest of answers.  You configure link aggregation, and
some means to balance the load (such as hashing by layer 3 flow), and
it'll fill up the two pipes with little fuss.  The key thing to know is
that the quality of the load balancing depends entirely on the type of
hash in use and what it hashes on -- if you have big unsplittable flows,
then you'll see little benefit, but if you have lots of smaller flows,
then it'll approach 2x performance.

If it doesn't, then you're down to playing games with addressing and
routing.  One good possibility is IPMP.  If you don't really need to tie
applications to particular addresses, or if that's not part of the
load-balancing strategy, then you can give IPMP multiple addresses and
put the two adapters into one group.  On outbound connections, the
system will round-robin during initial address selection time.  On
inbound connections, you'll have to arrange such that peers use these
addresses "fairly" -- such as having a single DNS name mapped to
multiple A records, one for each IPMP data address.

If you don't want to use IPMP, and you insist on doing it in a
per-application and per-address manner, then you'll need to come up with
some way to keep the outbound traffic (from host to router) segregated.
The inbound will have no trouble, as it'll go to one address or the
other.  Outbound is a bigger problem, because the output interface that
will be used will be determined ENTIRELY by the destination address --
i.e., the remote peer -- and will have NOTHING to do with the source
address used.  It's possible to use IP-Filter to yank the traffic
around, but in general, IP routing is done by destination, not by source.

James Carlson         42.703N 71.076W         <carlsonj at workingcode.com>
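
The point about hash-based balancing under link aggregation, as an added example that is not part of the original message: it models a layer 3 policy that picks one of two links from the address pair and compares many small flows with one large flow. The SHA-256 stand-in for the device's hash, the addresses and the flow sizes are all constructed assumptions.

```python
import hashlib

def pick_link(src, dst, n_links=2):
    """Layer-3 style policy: the link is chosen from the address pair only,
    so all traffic between one pair of hosts always uses the same link.
    SHA-256 is a stand-in; real devices use their own hash."""
    digest = hashlib.sha256(f"{src}>{dst}".encode()).digest()
    return digest[0] % n_links

def link_load(flows, n_links=2):
    """flows: iterable of (src, dst, megabytes). Returns megabytes per link."""
    load = [0] * n_links
    for src, dst, size in flows:
        load[pick_link(src, dst, n_links)] += size
    return load

def speedup(load):
    """Throughput relative to a single link, with the busiest link as the
    bottleneck: 2.0 is a perfect split over two links, 1.0 is no gain."""
    return sum(load) / max(load)

SERVER = "192.0.2.10"  # constructed documentation address

def client(i):
    """Constructed client address number i."""
    return f"10.{i // 250}.0.{i % 250 + 1}"

# 400 clients pulling 1 MB each: lots of small flows.
MANY_SMALL = [(SERVER, client(i), 1) for i in range(400)]

# One 400 MB transfer plus 20 small ones: the big flow cannot be split.
ONE_BIG = [(SERVER, client(0), 400)] + [
    (SERVER, client(i), 1) for i in range(1, 21)
]

if __name__ == "__main__":
    for name, flows in (("many small", MANY_SMALL), ("one big", ONE_BIG)):
        load = link_load(flows)
        print(f"{name:10s} load per link = {load}  speedup = {speedup(load):.2f}x")
```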
