On Tue, Jan 12, 2010 at 11:11:54PM -0500, Pascal Lalonde wrote:
> I just caught the following from openbsd-cvs:
>
> http://marc.info/?l=openbsd-cvs&m=126326657232193&w=2
>
> If my understanding is correct, this means that it will become
> impossible to emulate weighted round robin with constructs like the one
> below, since duplicate IPs will be "flattened" once converted to a
> standard PF table?
>
> rdr on em0 inet proto tcp \
>     from any to 192.168.100.100 port = www -> {
>         10.0.0.1, 10.0.0.1, 10.0.0.1, \
>         10.0.0.2, 10.0.0.2, \
>         10.0.0.3 \
>     } round-robin
>
> Is this right?

Well, that rule above will not parse anymore on -current, you need to
use match or pass with rdr-to now. But yes, the above construct will
stop working.

My first thought is to wonder why you're not running with a symmetrical
cluster. But I realise that we are not always in control of such things,
and one of PF's functions is to help people work around bad network
design.

There are a few things you can do here to get a similar effect.

1) Assign multiple IP addresses to the servers you'd like to hit more
   heavily.

match on em0 inet proto tcp \
    from any to 192.168.100.100 port = www \
    rdr-to { 10.0.0.1, 10.0.0.2, 10.0.0.3, \
             10.0.0.11, 10.0.0.12, \
             10.0.0.21 \
    } round-robin

2) Use the 'probability' keyword

pass quick on em0 inet proto tcp from any to 192.168.100.100 \
    probability 50% rdr-to 10.0.0.1
pass quick on em0 inet proto tcp from any to 192.168.100.100 \
    probability 70% rdr-to 10.0.0.2
pass quick on em0 inet proto tcp from any to 192.168.100.100 \
    rdr-to 10.0.0.3

The changes just committed are actually cleanup that needs to happen if
you want to see some more intelligent weighted load balancing in PF than
these hacks. But that is still a far ways off, definitely after 4.7.

-Ryan
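
Added example, not part of the original message: how a top-to-bottom chain of `pass quick ... probability` rules divides new connections among backends, and which per-rule percentages yield a given weighting such as the 3:2:1 of the old rdr rule. It assumes each rule's probability is evaluated independently for every new connection and that `quick` stops evaluation at the first match; the function names are hypothetical.

```python
from fractions import Fraction


def effective_shares(rule_probs):
    """Fraction of new connections each rule in the chain ends up taking.

    rule_probs lists the per-rule probabilities in rule order; a final
    rule without a 'probability' keyword is written as 1.
    """
    remaining = Fraction(1)          # traffic that has not matched yet
    shares = []
    for p in rule_probs:
        p = Fraction(p)
        if not 0 <= p <= 1:
            raise ValueError(f"probability out of range: {p}")
        shares.append(remaining * p)  # this rule takes p of what is left
        remaining *= 1 - p            # the rest falls through to the next rule
    return shares


def chain_probabilities(weights):
    """Per-rule probabilities that give shares proportional to weights."""
    if not weights or any(w <= 0 for w in weights):
        raise ValueError("weights must be positive")
    left = sum(weights)               # weight not yet assigned to a rule
    probs = []
    for w in weights:
        probs.append(Fraction(w, left))
        left -= w
    return probs                      # last entry is always 1 (catch-all rule)


if __name__ == "__main__":
    # Constructed inputs: the 50% / 70% / catch-all chain, then weights 3:2:1.
    chain = [Fraction(1, 2), Fraction(7, 10), 1]
    for p, s in zip(chain, effective_shares(chain)):
        print(f"rule probability {float(p):6.2%} -> share {float(s):6.2%}")
    for w, p in zip([3, 2, 1], chain_probabilities([3, 2, 1])):
        print(f"weight {w} -> rule probability {float(p):6.2%}")
```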