
Re: pf load balancing



i have done it this way, but still have some problems:

              10.1.1.1 (M)
         |---gw1 -----|
LAN    --|            | - WAN
         |---gw2 -----|
              (10.1.1.1) (B)

gw2 just has a backup carp interface
gw1 is carp master with 10.1.1.1
nat is running on both gw with ip address ending with 4 and 5.
gw1 and gw2 are interconnected through a 3rd nic with a 192.168.0.0/24 IP range ($i_if) (ending with 1 and 2).


my pf.conf is the following:

- gw1
nat on $ext_if inet from 10.0.0.0/8 to any -> xxx.xxx.xxx.4

pass in quick inet proto carp
pass in on $int_if route-to { ($ext_if xxx.xxx.xxx.2) , ($i_if 192.168.0.2) } round-robin sticky-address inet from 10.0.0.0/8 to any keep state


- gw2

nat on $ext_if inet from 10.0.0.0 to any -> xxx.xxx.xxx.5

i've tested with route-to with each of the next hops sitting alone (ie. just with the first one and with the second one) and it worked well.

when i run it with this config things start working well and after some time the connection hangs. if i wait for some time it starts working again.


any clue?



Lucas



Karl O. Pinc wrote:



On 09/21/2005 10:19:42 PM, Lucas wrote:


i tried with it, but it works if i have a machine in the middle. like this:
                                                    GW2
LAN ----- obsd (load balancer with route-to) ------ GW1 -------- WAN
                                                    GW3



i want something to work in this scenario:


                     GW2
LAN ---------------- GW1 ------------------ WAN
                     GW3


can route-to do the work in this case?


I take it back, you could put two networks on the link
between GW1 and WAN, and then use route-to.  However,
you would not truly be able to secure GW2 and GW3.

Karl <[email protected]>
Free Software:  "You don't pay back, you pay forward."
                 -- Robert A. Heinlein