Bill Marquette wrote:
>> Thus I would like to ask
>> 1/ how quickly should pfsense discover one of the units in the pool is dead?
>
> 5 seconds

thanks for that. From my limited testing that's what I observed. I'm told we can live with that. I must admit to being lazy^W overworked, trying to find a usable solution without having to roll a full HA strategy for now ;-)

>> 2/ why didn't pfsense pick up the dead unit when I connected and know to
>> redirect, or at least only fail the once?
> Nope. The load balancing is performed by pf which has no concept of
> dead servers. The actual monitoring is performed in userland and the
> rules modified based on detection of dead servers.

It'd be nice if it also picked up the icmp dest unreachable, but that might involve a bit of work!

>> 3/ can I tune the timers, can I add weights to favour one server over
> Nope. I might be convinced to make the timers a tunable. And I
> believe someone did try to do ratio style load balancing by adding the
> same server multiple times (I'm pretty sure the ratio load balancing
> works, I'm not sure if we actually allow for it in the UI).

no, it says the IP is already in the list and refuses to add it; I guess that javascript could be changed to say "are you sure" and make it possible.

> Well, pfSense is a firewall, not a load balancer. It was "easy" to
> add simple load balancing features, going any further would be a
> significant undertaking and in my opinion would distract from the
> goals of pfSense.

yes, I agree that trying to add a complex load balancing solution (such as LVS) would detract from pfsense, I am just wondering where a comfortable position would lie, even "haproxy" or "balance" might be too much?

> I suppose the main questions here are how important it is that you
> have more frequent polling (which btw, will increase the load on the
> web servers since we'll be hitting them more frequently), how
> important the "better" load balancing features are to you, and how
> much you're willing to spend.

I think being able to tune the time would be most practical to the nearest tenth of a second (above, say, 5s could have a granularity of 1s), we're likely to be a high traffic site so it'd represent a negligible impact overall. I am happy to have a hack at the code and/or be a beta tester for this.

If we do go fully live with pfsense I anticipate a favourable reception asking senior management to pay for pfsense support as they were expecting to have to pay for a commercial option!

regards
Paul