Re: route-to round-robin not working for windows clients?

On Thu, Jan 20, 2005 at 06:42:49PM -0300, Emilio Lucena wrote:
> However, when I ping the same Internet host from an internal WINDOWS 
> client, the policy is not necessarily respected any more. I guess 
> that it has something to do with PF state expiration, because I 
> noticed that PF only switches the traffic to the other external 
> interface after the ICMP state is purged.

One possible explanation is that the Windows client is using the same
ICMP id for both invocations of ping. pf uses the ICMP id to associate
ICMP echo requests and replies with a state entry. Most Unices will use
a random ICMP id on each invocation of ping, leading to multiple states
for multiple (concurrent or sequential) invocations. The round-robin
cycling occurs when a state is created. If a client uses the same ICMP
id for multiple invocations, you'll not see cycling, unless you wait
long enough between two invocations for the first state to time out and
get removed.

I guess you don't really need ping 'connections' to get round-robin'ed,
it was merely a way to test the setup. Try UDP instead, even a Windows
box will have to use different source ports for different connections.
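
The state behaviour described in the reply above, as an added example that is not part of the original message and is not pf code: a simplified Python model in which the round-robin pointer advances only when a state is created. The addresses, interface names, ICMP ids and the 10-second timeout are constructed values.

```python
# Simplified model of the behaviour described in the reply; not pf source code.
from itertools import cycle


class RoundRobinStateTable:
    """States keyed the way the reply describes for ICMP echo: (src, dst, icmp_id)."""

    def __init__(self, interfaces, timeout):
        self._next_if = cycle(interfaces)  # advanced only on state creation
        self.timeout = timeout             # idle seconds before a state is purged
        self.states = {}                   # key -> [interface, last_seen]

    def route(self, key, now):
        # Purge states that have been idle longer than the timeout.
        self.states = {k: v for k, v in self.states.items()
                       if now - v[1] <= self.timeout}
        entry = self.states.get(key)
        if entry is None:
            # No matching state: a new one is created and the
            # round-robin pointer moves on to the next interface.
            entry = self.states[key] = [next(self._next_if), now]
        entry[1] = now                     # a matching packet refreshes the state
        return entry[0]


def simulate(ids, gap, timeout=10, interfaces=("ext_if1", "ext_if2")):
    """One ping invocation per ICMP id, `gap` seconds apart; returns the interface used."""
    table = RoundRobinStateTable(interfaces, timeout)
    src, dst = "10.0.0.5", "192.0.2.1"     # constructed addresses
    return [table.route((src, dst, icmp_id), now=i * gap)
            for i, icmp_id in enumerate(ids)]


if __name__ == "__main__":
    # Same ICMP id on every invocation: the existing state keeps matching.
    print(simulate([512, 512, 512], gap=2))
    # Same id, but the first state has timed out before the second ping.
    print(simulate([512, 512], gap=30))
    # A different id per invocation: each one creates a state and cycles.
    print(simulate([4101, 9330, 17], gap=2))
```

For the UDP test suggested in the reply, the source port takes the place of the ICMP id in the key, so each new connection behaves like the third case.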