Get my Fundamentals of Networking for Effective Backends udemy course Head to network.husseinnasser.com (link redirects to udemy with coupon)

As IP tables is O(n), kube proxy has replaced it with IPVS ( IP Virtual Server) it is built on Netfilter framework & operates with O(1). It has several load balancing techniques like rr: round-robin lc: least connection dh: destination hashing sh: source hashing sed: shortest expected delay nq: never queue

🎯 Key Takeaways for quick navigation: 00:00 🔄 *Overview of the Video* - Introduction to the significance of proxies, reverse proxies, and load balancers. - Teaser about using iptables for kernel-native load balancing at the netfilter packet level. 00:29 🐧 *Setting the Stage for iptables Load Balancing* - Announcement of exploring iptables for kernel-native load balancing. - Emphasis on achieving high-speed load balancing at the netfilter packet level. - Introduction to the two-part video series using a Raspberry Pi. 02:20 🌐 *Configuring Round Robin Load Balancing* - Explanation of the scenario with four services on different IP addresses. - Objective to load balance traffic to these services using TCP layer 4 (round-robin). - Demonstration of iptables rules for round-robin load balancing. 07:43 🔄 *Understanding Rule Evaluation in iptables* - Clarification on how iptables rule evaluation occurs. - Explanation of the "nth" matching module with "every" parameter. - Demonstrating the round-robin load balancing iptables rules. 11:48 🔄 *Introducing Source NAT to Resolve Issues* - Identifying the issue with source NAT and the need for resolution. - Application of source NAT in iptables for proper packet return to the Raspberry Pi. - Verifying the iptables rules after introducing source NAT. 13:56 🎭 *Transitioning to Random Load Balancing* - Clearing existing rules in the pre-routing chain for a transition to random load balancing. - Introduction to the "random" mode in the statistics matching module. - Setting up iptables rules for random load balancing with specified probabilities. 21:23 🔄 *Clarification on Random Load Balancing Probabilities* - Explanation of adjusting probabilities for random load balancing. - Clarifying the distribution of probabilities to achieve the desired load balancing. - Demonstrating iptables rules for random load balancing. 24:20 💡 *Insight into Cloudflare's Kernel Load Balancer* - Reference to Cloudflare's "Onimong" kernel load balancer. - Acknowledgment of the power and efficiency of kernel-level load balancing. - Encouragement to explore Cloudflare's load balancing approach. 25:40 🤝 *Closing Remarks and Channel Support* - Summary of the video's content and topics covered. - Call to action for viewers to subscribe, like, and explore Udemy courses for channel support. - Closing remarks and anticipation for the next video. What are *the key differences between layer 4 and layer 7 load balancing?* Can you *explain more about the challenges and complexities associated with layer 7 load balancing?* How does *Cloudflare's "Onimong" kernel load balancer compare to traditional software-based load balancers in terms of performance and efficiency?* Made with HARPA AI

Another one!! DJ Khalid .........man you are awesome

Love the absolutely unfiltered words coming out of your month man!

Love the content and the energy! Not a lot of programming material with your liveliness out there

4:55 check out LXC containers (maybe not LXD, just LXC ?). It's very efficient and works like VMs. Also works on hardware which doesn't have virtualization extensions. Or inside a VM on your Mac. 17:30 looks like it created a new connection because you opened the Developer Tools (possibly because you have 'disable caching' enabled). Ahh, Cloudflare Unimog used XDP (which is done though ePBF). No surprise they worked with the Cilium people. Good to see they are using some kind of stable hashing for their ECMP. Sounds like they replaced what they were doing before (maglev).

Greate video Hussein. Thank you. This video is needed to understand how Kubernetes Services work internally.

Peautiful DJ Nasser! Learnt so much.

Love your energy and passion Hussein ! I feel the same about CS topics. Much love ❤️

The Kernel has a load balancer subsystem called ipvs, which can be controlled from userspace with ipvsadm or keepalived.

Awesome. I was struggling with kube-proxy iptables service routing. This video helped me a lot.

Great! Could you please make a video on eBPF, currently there's much hype going on this. It has potential to replace iptables/netfilter.

So wonderful with such brilliant content and bbox😍!

Does this work for case like we do a POST request with pretty large body? There may be multiple tcp packets and then the 1st packet goes to one server, and 2nd goes to another server?

can you please make video about apache load balancing?

Awesome, Hussein !! Would you mind guiding the concept of failover if serv1 failed it should point to serv2. and reinstate old rule if serv1 is up.

hi, i wonder when we use a dedicated host to do iptable routing, as in your Nodejs case, what is the performance benchmark? what is the max traffic and connections that one host can load balance? Thanks.

How dose TCP knows how to keep been routed to the same service once the connection has been established?

Thanks for your information and cooperation

Can we create Api endpoints?? like forward to particular endpoint if it matches /api, /api1

is this what happens when you configure security groups in AWS, also does kube-proxy use this under the hood?

Thanks for this amazing explanation. I have a question which may sound silly as I am very new in this area. As you explained in load balancer use case, the rule applies only for SYN packet, and as I understand once the TCP connection is set up packets will be forwarded to that endpoint only. But in case of a one to one DNAT, does every packet in the TCP get translated by DNAT ? Suppose I have an active TCP connection to a virtual IP which gets DNATed to a different host IP. Now if I update the rule by keeping the virtual IP same but changing the destination, what would happen to the already open TCP connection ? Thanks in advance

what if we change the source ip address of every packet going from real servers to that of the load balacner's ip, so the client assumes that the packet is coming from the load balacner. Will it achieve direct server return?

Does this handle connections to down servers and redirect them to others?

awesome content please make content on K8s and WAF implementation

dj khaled ANOTHA ONE

What is a kernel?

Very good content sir💙. Can you make a video by using both nginx and iptables for perfect maximum load balancing for production?

Please somebody explain me why chrome uses same connection? Why connection is not dropped because as far as I know after response is received http drops the connection? Why connection is not dropped? Is it http version 2? What am I missing here?

Please part 3

Jast want to share.. # iptables -S # iptables -S INPUT # iptables -S INPUT 1 # iptables -t nat # iptables -t nat -S PREROUTING Doumo Arigatou Gozaimasita. p/s: protocol in Japanese accent.. purotokoru.. :)

Natoo

How to get high from learning instead of weed.

First! 💪

I appreciate the videos, but your audio gives me headaches. A mixture of a better mic and less explosiveness in some words would make a big difference(too many pops and distortion, recorded almost carelessly). Again, love the content, but audio needs work. Thanks!