
round-robin sticky-address



The following configuration is for load-balancing 2*2,3Mbit HDSL lines with round-robin sticky-address features.

But I got this problem:

When there are few users, load balancing works great, but with 50 or more users MSN Messenger periodically stops working and nobody is able to open any website; after a couple of minutes everything works fine for some time. Then it starts again...
The strange thing is that ping works at any time.



FreeBSD 5.3 RELEASE


ALTQ compiled in kernel

/etc/rc.conf
--------------------------------------
gateway_enable="YES"
hostname="server.somewhere"
ifconfig_xl0="inet 172.16.16.20 netmask 255.255.0.0"
ifconfig_xl1="00.235.00.202"
ifconfig_xl2="00.159.00.90"

sshd_enable="YES"
usbd_enable="NO"
ntpd_enable="YES"

inetd_enable="NO"
kern_securelevel_enable="NO"
sendmail_enable="NO"

pf_enable="YES"

---------------------------------------

# /etc/pf.conf
ext_if0="xl1" # external 0
ext_if1="xl2" # external 1
int_if="xl0" # internal network.
internal_net="172.16.0.0/16"
external0_addr="00.235.00.202"
external1_addr="00.159.00.90"
ext_gw0="00.235.00.201"
ext_gw1="00.159.00.89"

set timeout src.track 60

scrub in all

nat on $ext_if0 from $internal_net to any -> ($ext_if0)
nat on $ext_if1 from $internal_net to any -> ($ext_if1)

block all

# pass all outgoing packets on internal interface
pass out on $int_if from any to $internal_net
# pass in quick any packets destined for the gateway itself
pass in quick on $int_if from $internal_net to $int_if
# load balance outgoing tcp traffic from internal network.
pass in on $int_if route-to { ($ext_if0 $ext_gw0), ($ext_if1 $ext_gw1) } round-robin sticky-address proto tcp from $internal_net to any flags S/SA modulate state
# load balance outgoing udp and icmp traffic from internal network
pass in on $int_if route-to { ($ext_if0 $ext_gw0), ($ext_if1 $ext_gw1) } round-robin sticky-address proto { udp, icmp } from $internal_net to any keep state
# general "pass out" rules for external interfaces
pass out on $ext_if0 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if0 proto { udp, icmp } from any to any keep state
pass out on $ext_if1 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if1 proto { udp, icmp } from any to any keep state


# route packets from any IPs on $ext_if0 to $ext_gw0 and the same for
# $ext_if1 and $ext_gw1
pass out on $ext_if0 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
pass out on $ext_if1 route-to ($ext_if0 $ext_gw0) from $ext_if0 to any

# eof