Hello,
i try to set up a load balancing machine for internal use. We have 2
webservers serving a web-app. This application depends on sticky clients,
because it is using sessions w/o session replication. I try to set up a dsr
environment, which is working perfectly at first glance.
I set the
set timeout src.track 3600
in my pf.conf, but the source tracking entries in pf only shows with:
10.66.66.2 route-to 10.243.10.4 ( states 0, connections 0, rate 0.0/0s )
age 00:00:01, expires in 00:00:00, 0 pkts, 0 bytes, rule 0
It expires with the next "timeout interval" which is 10s (default).
This ends in a stickyness of my clients only while their tcp-connection is
alive + (max 10s).
Is there a way to increase this by relayd.conf or by setting magic timeouts in
pf.conf?
my pf.conf:
set limit states 100000
set skip on lo
set timeout src.track 3600
anchor "relayd/*"
pass in
pass out
my relayd.conf:
table <web> { 10.243.10.4 10.243.11.4 }
redirect nagios {
listen on 10.244.2.199 port 80
sticky-address
session timeout 3600
route to <web> mode least-states check tcp interface vlan243
}
This is a loadbalancing only set up. So we do not need the security of pf in
this case. We also need the dsr, because the routing from the server to the
client is asynchronous or in some cases the clients are on the same local
network like the balanced servers.
Greets
Martin
