Re: pf load balancing
> I have done it this way, but still have some problems:
> |---gw1 ----- |LAN --| | | - WAN
> |---gw2 ----- | (10.1.1.1) (B)
> gw2 just has a backup carp interface
> gw1 is carp master with 10.1.1.1
> nat is running on both gw with ip address ending with 4 and 5.

This will cause you problems. Assuming gw1 is the carp master, packets
from 10.0.0.0/8 to the WAN will get NATed to 192.168.1.4. Now assume
that gw2 becomes master. Packets coming back in from the WAN have a dest
address of 192.168.1.4. gw2 knows nothing of this address. I'm not quite
sure what would happen with outgoing packets that match states created
when gw1 was master; they'd probably be passed through and continue to
be NATed to 192.168.1.4. What eventually happens is that flow will time
out and the LAN client will retry the connection and succeed.
The solution is to create a separate carp group on the WAN side and nat
all outbound connections to that VIP.
It's not exactly clear what you're trying to do. Are you still trying to
load balance between 3 gateways? In other words, you have 3 OpenBSD
routers/firewalls and you want to load balance traffic across them? carp
will handle that without issue as long as it's configured properly.
arpbalance is what you're looking for.
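
The fix described in the reply above, sketched as configuration (an added example, not part of the original message or taken from the poster's systems). The interface name em1, the vhid, the password and the WAN VIP 192.168.1.6 are constructed placeholders; 10.0.0.0/8 and 192.168.1.4 come from the thread.

```conf
# Added example. em1, vhid 2, CHANGE_ME and 192.168.1.6 are constructed
# placeholders; substitute your own values.

# --- /etc/hostname.carp1 on gw1: WAN-side carp group, preferred master ---
inet 192.168.1.6 255.255.255.0 192.168.1.255 vhid 2 carpdev em1 pass CHANGE_ME advskew 0

# --- /etc/hostname.carp1 on gw2: same vhid and pass, higher advskew = backup ---
inet 192.168.1.6 255.255.255.0 192.168.1.255 vhid 2 carpdev em1 pass CHANGE_ME advskew 100

# --- /etc/pf.conf, identical on both gateways ---
ext_if  = "em1"           # WAN-facing physical interface (assumed name)
lan_net = "10.0.0.0/8"    # LAN range mentioned in the thread
wan_vip = "192.168.1.6"   # address held by carp1 (constructed)

# Before: each gateway translates to its own address, so return traffic
# is addressed to a host that may no longer be master.
#   gw1: nat on $ext_if from $lan_net to any -> 192.168.1.4
#   gw2: nat on $ext_if from $lan_net to any -> (its own address, ending in 5)

# After: both gateways translate to the shared VIP, which always lives on
# whichever gateway is currently carp master.
nat on $ext_if from $lan_net to any -> $wan_vip

# On OpenBSD 4.7 and later the same rule is written as:
#   match out on $ext_if from $lan_net nat-to $wan_vip

# carp advertisements must be allowed between the gateways, otherwise both
# become master.
pass quick on $ext_if proto carp
```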