
Minuteman: A Distributed HA Load Balancer - blopeur
https://github.com/dcos/minuteman
======
bogomipz
How is this different from Bamboo - also an HAProxy-based LB that's via the
Marathon framework?

[https://github.com/QubitProducts/bamboo](https://github.com/QubitProducts/bamboo)

~~~
sargun
Co-author here!

There are several differences:

1\. We're coupled with the kernel and operating
at layer 4. Specifically, we play with the conntrack subsystem. This means,
you may pay a little higher cost for the first packet of a connection (because
we've got to program the flow), but once the flow is programmed, it's totally
going through kernel space. The way Minuteman is meant to be used is to act as
the underlying router of a connection pool, or some such.

2\. We expose the pools as "VIPs" or Virtual IPs. When you expose a service,
you specify an IP-port pair (like 1.2.3.4:5000). In my opinion, that's a
little bit nicer than Bamboo's routing.

3\. We work with all Mesos frameworks.

4\. We have an underlying distributed control plane
([https://github.com/dcos/lashup](https://github.com/dcos/lashup)), which lets
us detect failures incredibly fast. We've evaluated its capabilities here:
[https://github.com/dcos/minuteman#evaluation](https://github.com/dcos/minuteman#evaluation)

------
cm3
This should probably more prominently explain at the beginning of the README
that it's for Linux. Nothing wrong with that, but being bound to Linux is an
important detail.

~~~
sargun
Thanks! I'll be sure to add that note! Currently, minuteman targets
Mesosphere's DC/OS (dcos.io), which is Linux only.

We've thought about what it would take to port it to Windows, and it's
feasible. Just a matter of work. If you're interested, let me know.

------
bogomipz
Thanks for the response. Agree about the Bamboo routing. Lashup is
interesting. Is the conntrack data replicated then to all Minuteman nodes so
if you were to lose one Minuteman, a client wouldn't lose its "established"
state when it has to connect to another Minuteman node? Or am I failing to
understand the design?

------
rdtsc
This looks great.

Like the use of an in-kernel netfilter for data plane.

Clustering and failure recovery look solid as well.

------
sargun
Co-Author here. If anyone has any questions, feel free to ask!

~~~
chinathrow
Is the naming on purpose to be identical to an ICBM?

~~~
sargun
I really enjoy naming things. The naming has a bit of a history. The first
version used OpenFlow. We wrote the flows on demand for the connections, and
the project's name was 'Minuteman: flows at a moment's notice' as a reference
to the soldiers during the Revolutionary War that were prepared to fight at a
moment's notice.

Although we changed the architecture, we decided to stick with Minuteman.
Mesosphere's naming scheme has historically had to do with space. The road to
the stars was originally paved by programs such as Minuteman -- Our mission is
to orchestrate the data center. You can't do that without networking.
Minuteman is our first networking component of many as one of the first
components to help pave our way.

------
thesystemsguy
Could you please comment on how this compares to Linux Virtual Server/ipvs
that is also a Linux kernel-level layer 4 load balancing technology?

