Re: [pfSense] vCloud Director Howto: Load balancing with free pfSense

2012-07-23 Thread Vick Khera
On Mon, Jul 23, 2012 at 8:48 AM, Eugen Leitl wrote:

> We have to set up the pools and virtual servers feature, it’s a
> nice-to-have to set up the “monitors” option which is also available (more
> about that in the To Do paragraph at the end of this article).
>
> In the pools options you have to configure which vCloud Director cells are
> available to the load balancer. You have to define a separate pool for the
> web interface and a separate pool for the console proxy. The screendump
> shows the configuration for the vCloud Director web interface pool:
>
> Define a name for the pool, configure the port number (443) and add both
> vCloud Director cells to this pool. I’ve configured ICMP as a monitor
> option, this means a ping is sent to a vCD cell to check it’s up and
> running. Although this is not a very thorough test (the OS of a cell is up
> and running, but the vCD service is down, the load balancer will still
> think the cell is available), this option is fine for this first setup.
>

How much traffic are you able to push thru the load balancer, and what is
your CPU load?  I found (and others have too) that if you are pushing your
CPU that the load balancer crumbles under that pressure, and you end up
with very very slow page loads and connections, and many timeouts for
clients.

I recently put a very very high-powered pair of servers in service as my
pfSense firewall (replaced a dual ALIX system), so need to re-evaluate this
again.  Right now I am just using port-forwards to a single back end.
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
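
The monitor caveat quoted above (a cell that answers ping while the vCD service is down) can be seen with a layered probe. This is an added example, not part of the thread or the quoted article; `probe_cell`, the `/status` path and the loopback backends are constructed for illustration.

```python
import http.client
import http.server
import socket
import threading

def probe_cell(host, port, path, use_tls=True, timeout=3.0):
    """Classify one backend as 'unreachable', 'unhealthy' or 'healthy'."""
    try:  # TCP handshake: already more than the ICMP monitor checks.
        socket.create_connection((host, port), timeout=timeout).close()
    except OSError:
        return "unreachable"
    # HTTPSConnection verifies the server certificate by default.
    make_conn = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    try:  # Application layer: does the web service itself answer with 200?
        conn = make_conn(host, port, timeout=timeout)
        conn.request("GET", path)
        status = conn.getresponse().status
        conn.close()
    except (OSError, http.client.HTTPException):
        return "unhealthy"
    return "healthy" if status == 200 else "unhealthy"

class ConstructedCell(http.server.BaseHTTPRequestHandler):
    """Stand-in backend for the demo: /status returns 200, anything else 503."""
    def do_GET(self):
        self.send_response(200 if self.path == "/status" else 503)
        self.end_headers()
    def log_message(self, *args):
        pass  # keep the demo quiet

def demo():
    """Probe constructed loopback backends (plain HTTP) and return the verdicts."""
    web = http.server.HTTPServer(("127.0.0.1", 0), ConstructedCell)
    threading.Thread(target=web.serve_forever, daemon=True).start()
    hung = socket.create_server(("127.0.0.1", 0))  # accepts TCP, never replies
    args = {"use_tls": False, "timeout": 0.5}
    try:
        return {
            "up": probe_cell("127.0.0.1", web.server_port, "/status", **args),
            "erroring": probe_cell("127.0.0.1", web.server_port, "/other", **args),
            "hung": probe_cell("127.0.0.1", hung.getsockname()[1], "/status", **args),
        }
    finally:
        web.shutdown()
        web.server_close()
        hung.close()

if __name__ == "__main__":
    print(demo())
```

The "hung" and "erroring" backends would both pass an ICMP or plain TCP monitor. Against real cells keep `use_tls=True` and trust the cells' CA rather than disabling verification; the health path depends on the deployment.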


Re: [pfSense] vCloud Director Howto: Load balancing with free pfSense

2012-07-23 Thread Michael Schuh
Hi Eugen,

what a great article. Many thanks for sharing this.

greetings

m.

2012/7/23 Eugen Leitl 

>
>
> http://www.viktorious.nl/2012/04/22/vcloud-director-howto-load-balancing-with-free-pfsense-appliance/
>
> vCloud Director Howto: Load balancing with free pfSense
> Posted on April 22, 2012 by viktorious
>
> After reading this article, also check the follow-up: vCloud Director
> Howto: Load balancing with free pfSense – Cont’d
>
> After doing some testing with VMware’s vCloud Director, I wanted to
> configure a multi-cell vCD infrastructure with a network load balancer in
> front. Of course there are various commercial products (see Eric Sloof’s
> excellent article on configuring Kemp Load Master), I was actually looking
> for an open source alternative.
>
> pfSense is doing the trick! pfSense is a FreeBSD-based firewall solution,
> and the successor of m0n0wall (maybe you know that one). You can download
> pfSense at www.pfsense.org. I am using the 64-bit 2.0.1 version. You can
> download the ISO from the pfSense website.
>
> Note: This setup is intended for lab/home use :)
>
> The scenario we’re building consists of the following virtual machines:
>
> - A pfSense-based firewall and load balancer (in a virtual machine), one
>   NIC connected to the internet, one NIC connected to the management LAN.
> - Two vCloud Director cells, both connected to the management LAN.
> - A vCenter Server, also connected to the management LAN.
>
> First install pfSense in a virtual machine. My specs are: 1 vCPU, 256 MB
> RAM and 1 GB Disk, don’t forget to add two NICs. The OS type is FreeBSD
> 64-bit. Mount the pfSense CD and start the VM for the installation:
>
> 1. Choose option 1, just boot pfSense
> 2. After a short while, press I to install the software
> 3. Choose defaults, when asked choose a Quick/Easy Install. Your disk
>    will be wiped, but because you’ve just created a new VM, this shouldn’t
>    be a problem. Choose the multi-processor kernel.
> 4. After the installation has finished, reboot the virtual machine and
>    disconnect the installation ISO.
> 5. Now pfSense will boot with its default configuration.
>
> Now it’s time to create a basic configuration for pfSense through the
> command-line. After you’ve set the IP configuration, you will have a web
> interface available.
>
> pfSense will show you two NICs: ‘em0’ and ‘em1’, which are the two NICs of
> the virtual machine. You have to tell pfSense which interface is the WAN
> interface and which is the LAN interface:
>
> I prefer not to use the auto-detection feature, and just type em0 or em1
> depending on which NIC your WAN interface is. We don’t have an optional
> interface available, so just leave it empty and press enter when asked. By
> default your WAN interface will search for a DHCP server, your LAN
> interface will be configured (by default) with IP address 192.168.1.1.
>
> After you have completed the basic configuration your pfSense VM startup
> screen will look like this:
>
> Ok, what’s next? Choose option 2 to configure the LAN and WAN interface
> according to your network settings. Keep in mind that the LAN interface
> address, that’s the address your vCD cells will connect to, should be
> configured as the default gateway in your vCD cells. You can choose to use
> pfSense’s DHCP server if necessary. In my case the WAN interface is
> configured with 10.0.1.254/24, the LAN interface is configured with
> 192.168.1.254/24.
>
> Ok, now it’s time to install vCD and create a basic configuration. Also
> install a second cell using the response.properties. More information about
> the vCD installation can be found in the “vCloud Director Installation and
> Configuration Guide”, available as PDF on the VMware website. The
> installation isn’t covered here, there are already enough resources
> available!
>
> After you have installed two vCD cells, you should be able to connect to
> both cells successfully. Because vCD is stateless, it shouldn’t matter
> which instance you’re connecting to. The properties of my two vCD cells are:
>
> vCD Cell 1:
>
> hostname: vcd1public.domain.local
> ip address for the vCD website: 192.168.1.237/24
> ip address for the vCD console proxy: 192.168.1.238/24
> dns: 192.168.1.253 (LAN side DNS server)
> gw: 192.168.1.254 (this is the LAN side IP address of pfSense!)
>
> vCD Cell 2:
>
> hostname: vcd1public.domain.local
> ip address for the vCD website: 192.168.1.231/24
> ip address for the vCD console proxy: 192.168.1.232/24
> dns: 192.168.1.253 (LAN side DNS server)
> gw: 192.168.1.254 (this is the LAN side IP address of pfSense!)
>
> Now the pfSense configuration, the configuration in this case will be:
>
> - The pfSense firewall/load balancer has Public IP address 10.0.1.254
> - vCD website traffic will be accessible through port 444, so
>   https://10.0.1.254:444. (You can configure this alternative port in the
>   vCD interface if necessary)
> - Console proxy traffic will be acc