Hi,
It's a very interesting question - at least for me. :)
István Szukács wrote:
hi!
http://people.freebsd.org/~mlaier/sucon.pdf
CARP
Supports layer 2 load balancing (ARP based)
But the OP claims that pfsync is not fast enough to sync all states? How
will balancing work then?
Also I can't imagine the combination of bridge and carp (on same
firewall).. after all CARP needs IP and bridge is transparent?
cheers
On Wed, Jul 9, 2008 at 8:14 AM, Mark Pagulayan <[EMAIL PROTECTED]>
wrote:
Hi Guys,
I was just wondering if anyone of you have done layer 2 load balancing with
PF.
We tried to load balance traffic between two bridge firewall through OSPF,
by putting equal weights on the router ports. But the problem we encountered
is that when packet exits FW1 ( a state is created) it returns to FW2, the
packet gets drop because the state created on FW1 has not yet synced on FW2.
I guess you have two external uplinks - one for every firewall. Can you
draw simple schema of the network topology?
We did this experiment because the firewall starts to drop packets when
packet rates reach 30Kp/s hoping that we load balance it, we can distribute
traffic to the firewalls. And just for information where a using a Gig
interface (em)
30kpps is very low. Bridge with stateful PF should handle at least
100-150kpps, probably your hardware is not up to the task?
You may want to look at "Freebsd IP Forwarding performance (question,
and some info) [7-stable, current, em, smp]" thread in freebsd-net archives
for how to tune your router/firewall.
I wanted to ask if anyone of you have done load balancing on layer2 and
how they have done it.
Your help guys would be mostly appreciated.
Best Regards,
Mark
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
--
Best Wishes,
Stefan Lambrev
ICQ# 24134177
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
