Forum: NGINX Newbie question on ip_hash

Why does ip_hash only use the first 3 octects of the IP address?

The reason I ask is that we run we servers for a number of schools. 
Each
school is going the be their own subnet, ranging from a /24 to a /20 in
size.  Since ip_hash will lump everyone from a /24 in the same hash, it
will direct them to the same server, correct?

If I am correct above, is there any way to create persistent connections
based on the full IPv4 address?

--

William Brown
Core Hosted Application Technical Team and Messaging Team
Technology Services, WNYRIC, Erie 1 BOCES





Confidentiality Notice:
This electronic message and any attachments may contain confidential or
privileged information, and is intended only for the individual or 
entity
identified above as the addressee. If you are not the addressee (or the
employee or agent responsible to deliver it to the addressee), or if 
this
message has been addressed to you in error, you are hereby notified that
you may not copy, forward, disclose or use any part of this message or 
any
attachments. Please notify the sender immediately by return e-mail or
telephone and delete this message from your system.

Hello!

On Tue, Feb 05, 2013 at 10:38:35AM -0500, WBrown@e1b.org wrote:

> Why does ip_hash only use the first 3 octects of the IP address?
>
> The reason I ask is that we run we servers for a number of schools.  Each
> school is going the be their own subnet, ranging from a /24 to a /20 in
> size.  Since ip_hash will lump everyone from a /24 in the same hash, it
> will direct them to the same server, correct?

Yes.

The ip_hash balancing was designed to work with internet services,
and use of /24 networks allows it to keep users from migrating
between backend servers as they get new IP address on
reconnect/reboot (typically from the same /24 network, at least at
the time ip_hash was introduced) while still providing good
distribution between backend servers.  This probably isn't very
useful nowadays, but this is how it works.

> If I am correct above, is there any way to create persistent connections
> based on the full IPv4 address?

There is a number of 3rd party modules available which do hash
calculation based on arbitrary variables, and these may be used if
you need a hash based on full client's IPv4 address (there is
$remote_addr variable).

--
Maxim Dounin
http://nginx.com/support.html

Maxim wrote on 02/06/2013 11:47:22 AM:

> The ip_hash balancing was designed to work with internet services,
> and use of /24 networks allows it to keep users from migrating
> between backend servers as they get new IP address on
> reconnect/reboot (typically from the same /24 network, at least at
> the time ip_hash was introduced) while still providing good
> distribution between backend servers.  This probably isn't very
> useful nowadays, but this is how it works.

Thank you for the explanation.

> > If I am correct above, is there any way to create persistent
connections
> > based on the full IPv4 address?
>
> There is a number of 3rd party modules available which do hash
> calculation based on arbitrary variables, and these may be used if
> you need a hash based on full client's IPv4 address (there is
> $remote_addr variable).

The backend I am hoping to use nginx for works fine without persistence, 
I
was just thinking it would help with troubleshooting by keeping all of a
user's activity on one server.  That way I would have one log to check. 
I
will look into those modules.





Confidentiality Notice:
This electronic message and any attachments may contain confidential or
privileged information, and is intended only for the individual or 
entity
identified above as the addressee. If you are not the addressee (or the
employee or agent responsible to deliver it to the addressee), or if 
this
message has been addressed to you in error, you are hereby notified that
you may not copy, forward, disclose or use any part of this message or 
any
attachments. Please notify the sender immediately by return e-mail or
telephone and delete this message from your system.