load balancing on CARP

We have 2 OpenBSD 3.7 pf-firewalls which are redundant through CARP.

I have been experiencing problems in a client setup, but I am unable to reproduce it in our testlab at this moment.

I have a CARP interface which has a couple of aliases on it. These addresses are port forwarded and NAT'ed to and from a private range.
Load balancing is enabled on CARP.

The problem that I saw at the client is that from certain external addresses I was unable to reach the uneven IP addresses, while from another external address I was unable to reach the even IP addresses.

I'm now wondering if this could be due to the load balancing implementation of pf. Does someone here have in-depth knowledge of its implementation?

The behaviour seems like a typical OSPF implementation that I have seen before: balancing based on the sum of the source and destination IP address. If the sum is even, take one route; if the sum is uneven, take the other. Is pf's CARP load balancing based on the same idea?

Enriko Groen
Zoranet systems administrator

+31 38 455 95 62
Zoranet // 8025 BS 6c // Zwolle // Netherlands