[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PF Load balancing plans?



Hey all,
I just spent about an hour and a half checking the associated mailing
lists. I apologize ahead of time in case I missed a recent discussion.
My company is starting to evaluate new firewall/load balancing options
to replace our aging and obfuscated infrastructure. We're looking at
everything viable on the market, and I'm looking specifically into
OpenBSD, out of personal preference.
I understand there's software like slbd which will add/remove servers
from a round-robin mechanism, but I would like to know if there are
any current plans for expanding on PF's internal load balancing
systems? I won't put out a wishlist just yet, in case there are
plans/patches in the process.
The systems we're looking for must be able to handle a large load
(well over 30,000 packets per second, 50,000+ firewall states, and a
lot of separate server pools). Various features are nice, but not all
necessary up front. Cost is not an issue; we would buy the fastest
intel/AMD based machine with the highest quality cards that OpenBSD
3.6 can handle, with as much ram as needed. Our ultimate goal is to
end up with two or three machines in a CARP failover/load balancing
cluster with pfsync going, while also having those handle the load
balancing. I have faith in 3.6 for the first part, but not the latter
just now.
If there are plans, or no plans, what could we possibly offer that
might help a process start and/or move? We're open to anything but
(probably) good patches from us. Seriously, donations or whatever are
possible, just let us know.
My C is weak, and while I can probably read and understand the code I
don't have much of a chance of successfully submitting patches to PF
on my own right now. I do have a lot of experience with load
balancing, and have written/adjusted a handful of algorithms in the
past under projects such as mod_backhand. As well as experience in
using a number of "higher end" load balancer products under very high
load, so I could certainly participate in a constructive discussion
with code flow examples.
Thanks a lot,
-Alan