cancel
Showing results for 
Search instead for 
Did you mean: 
anas.ismail
Level 9

Load Balancing Issue.

Jump to solution

Hello All,

We have a cluster of two MWG appliances in proxy HA mode active/active ,I think there is a  problem in balancing the load between the two nodes , there is a huge difference in the number of requests/second between them, please have a look on the attached snapshot.

snapshot for Macafi - Copy.png

the second appliance with 299 R/S is the director.

is it a normal behavior?! if not how to minimize the difference in the number of R/S between the two nodes.

Thanks in advance.

Anas

0 Kudos
1 Solution

Accepted Solutions
asabban
Level 17

Re: Load Balancing Issue.

Jump to solution

Hello,

not exactly 50/50 is correct, but MWG does some sort of round robin based on the IP address of the incoming connection and tries to equally share IP addresses across the nodes. If you have 50 clients and MWG sees all of these IP addresses it tries to put 25 of the IP addresses to scanning node 1 and 25 to scanning node 2. It depends a little on how quickly new IP addresses come in so the distribution will not be 100%ly equal, but you should see some traffic on both nodes.

Now it could happen that there is one client IP address which creates much more requests/second than others. Now you will see that - although the clients are almost equally shared across all nodes - one node does much more requests per second than the other one. The load sharing does not care for requests/second but only for connections.

That's why it needs to be ensured that there is no single source IP address which creates a big amount of traffic, such as devices hidden behind a NAT IP or downstream proxy. If you really see that the clients are shared very unequally there might be an issue we should look into.

Best,

Andre

18 Replies
m.bagheryan
Level 12

Re: Load Balancing Issue.

Jump to solution

check your setting as it is written here:

This is excellent guide ever!

Enjoy

0 Kudos
anas.ismail
Level 9

Re: Load Balancing Issue.

Jump to solution

Thanks, actually I have configured the settings same as the Best Practices: Proxy HA  guide, and it was working fine with a close number of requests per second, then the mentioned difference appeared.

0 Kudos
asabban
Level 17

Re: Load Balancing Issue.

Jump to solution

Hello,

the load sharing algorithm is source IP based. Can you ensure that MWG sees all client IP addresses correctly, e.g. there is no device between clients and MWG which performs NAT or any downstream proxy a larger group of users use?

Best,

Andre

0 Kudos
m.bagheryan
Level 12

Re: Load Balancing Issue.

Jump to solution

It is Normal.  Load Balancing is not meaning by share the traffic 50/50

If you want to make 50/50 then you have to configure it from your DNS not MWG but MWG is doing load balancing as sending the traffic to second appliance after passing some specified percentage.

As far as I know your Picture is shown that everything is working perfect.

There is nothing to worry about it.

Enjoy.

asabban
Level 17

Re: Load Balancing Issue.

Jump to solution

Hello,

not exactly 50/50 is correct, but MWG does some sort of round robin based on the IP address of the incoming connection and tries to equally share IP addresses across the nodes. If you have 50 clients and MWG sees all of these IP addresses it tries to put 25 of the IP addresses to scanning node 1 and 25 to scanning node 2. It depends a little on how quickly new IP addresses come in so the distribution will not be 100%ly equal, but you should see some traffic on both nodes.

Now it could happen that there is one client IP address which creates much more requests/second than others. Now you will see that - although the clients are almost equally shared across all nodes - one node does much more requests per second than the other one. The load sharing does not care for requests/second but only for connections.

That's why it needs to be ensured that there is no single source IP address which creates a big amount of traffic, such as devices hidden behind a NAT IP or downstream proxy. If you really see that the clients are shared very unequally there might be an issue we should look into.

Best,

Andre

m.bagheryan
Level 12

Re: Load Balancing Issue.

Jump to solution

Thanks for  the note advised.

0 Kudos
anas.ismail
Level 9

Re: Load Balancing Issue.

Jump to solution

Hello Asabban.

I think there is a client creates a big amount of traffic as you mentioned, but how could i know that client?? does MWR help in this drill ??

0 Kudos
asabban
Level 17

Re: Load Balancing Issue.

Jump to solution

I think looking into the access.log could help. If there is one client creating such amount of requests per second you should see some obvious log file lines with one IP address showing again and again.

Re: Load Balancing Issue.

Jump to solution

Shell might help:

In my case it is one-liner on the shell to find the src_IP that generates the most requests. That can be adopted to other fields obviously.

[root@mwgappl ~]# cd /opt/mwg/log/user-defined-logs/access.log/

[root@mwgappl access.log]# head -n 1 access.log

#time_stamp "auth_user" src_ip status_code "req_line" "categories" "rep_level" "media_type" bytes_to_client bytes_from_client "user_agent" "virus_name" "block_res" "application_name"

[root@mwgappl access.log]# cat access.log | cut -d "\"" -f 3 | cut -d " " -f 2 | sort | uniq -c | sort -r | head -n 10

   1012 10.140.132.34

    120 10.140.132.68

      1 src_ip

[root@mwgappl access.log]#

thanks,

Michael