On Sat, 16 Dec 2023 18:53:29 +0100 Petr Ročkai <m.v0adg...@fixp.eu> wrote:
> Hi, > > On Sat, Dec 16, 2023 at 06:37:54PM +0100, Marko Cupać wrote: > > pass in on em0 from (em0:network) to <public> probability 50% > > rtable 1 pass in on em0 from (em0:network) to <public> probability > > 50% rtable 2 > > IIUIC these two only add up to 75% probability – you presumably want > probability 50% on the second of the two (the first one then being a > match for everything that the later rule doesn't take up). Thank you, I can confirm that your solution: pass in on em0 from (em0:network) to <public> rtable 1 pass in on em0 from (em0:network) to <public> probability 50% rtable 2 ... results in what I was trying to achieve - it load balances over both uplinks without any blocked packets as long as both uplinks are active. What OpenBSD FAQ https://www.openbsd.org/faq/faq6.html#Multipath says for a bit different scenario applies to some extent for this one as well: "It's worth noting that if an interface used by a multipath route goes down (i.e., loses carrier), the kernel will still try to forward packets using the route that points to that interface. This traffic will of course be blackholed and end up going nowhere. It's highly recommended to use ifstated(8) to check for unavailable interfaces and adjust the routing table accordingly." ...except - if I'm not mistaken - ifstated should in this case adjust pf ruleset instead of routing table. If so, would using anchors be the best way? Any working examples to share? I used some simple ifstated rules but it is hard to wrap my head around probability percentages for all the use cases - first link up, second down and vice versa. Thank you in advance, -- Before enlightenment - chop wood, draw water. After enlightenment - chop wood, draw water. Marko Cupać https://www.mimar.rs/
