
Re: pf load balancing

i have done it this way, but still have some problems:

              |---gw1 ----- |LAN    --|      |            | - WAN
              |---gw2 ----- |                ( (B)

gw2 just has a backup carp interface
gw1 is carp master with
nat is running on both gw with ip address ending with 4 and 5.
gw1 and gw2 are interconnected thru a 3 nic with an IP range ($i_if) (ending with 1 and 2).

my pf.conf is the following:

- gw1
nat on $ext_if inet from to any -> xxx.xxx.xxx.4

pass in quick inet proto carp
pass in on $int_if route-to { ($ext_if xxx.xxx.xxx.2) , ($i_if } round-robin sticky-address inet from to any keep state

- gw2

nat on $ext_if inet from to any -> xxx.xxx.xxx.5

i've tested with route-to with each of the next hops sitting alone (ie. just with the first one and with the second one) and it worked well.

when i run it with this config things start working well and after some time the connection hangs. if i wait for some time it starts working again.

any clue?


Karl O. Pinc wrote:

On 09/21/2005 10:19:42 PM, Lucas wrote:

i tried with it, but it works if i have a machine in the middle. like this:
LAN ----- obsd (load balancer with route-to) ------ GW1 -------- WAN

i want something to work in this scenario:

LAN ---------------- GW1 ------------------ WAN

can route-to do the work in this case?

I take it back, you could put two networks on the link
between GW1 and WAN, and then use route-to.  However,
you would not truly be able to secure GW2 and GW3.

Karl <[email protected]>
Free Software:  "You don't pay back, you pay forward."
                 -- Robert A. Heinlein