On 9/25/07, Paul M <[EMAIL PROTECTED]> wrote:
> >> 2/ why didn't pfsense pick up the dead unit when I connected and know to
> >> redirect, or at least only fail the once?
> > Nope.  The load balancing is performed by pf which has no concept of
> > dead servers.  The actual monitoring is performed in userland and the
> > rules modified based on detection of dead servers.
>
> It'd be nice if it also picked up the icmp dest unreachable, but that
> might involve a bit of work!

Yep, again, the load balance itself is performed in kernel.  pf itself
doesn't really care about icmp unreachables (and that only addresses
the issue of Apache going down, not of the whole box crashing).

> > same server multiple times (I'm pretty sure the ratio load balancing
> > works, I'm not sure if we actually allow for it in the UI).
>
> no, it says the IP is already in the list and refuses to add it; I guess
> that javascript could be changed to say "are you sure" and make it possible.

Hmmm, the hackathon is coming up in a couple weeks.  I'll take a look
at this there (it won't make the 1.2 release).

> > Well, pfSense is a firewall, not a load balancer.  It was "easy" to
> > add simple load balancing features, going any further would be a
> > significant undertaking and in my opinion would distract from the
> > goals of pfSense.
>
> yes, I agree that trying to add a complex load balancing solution (such
> as LVS) would detract from pfsense, I am just wondering where a
> comfortable position would lie, even "haproxy" or "balance" might be too
> much?

haproxy and balance (as long as you understand that they're proxies
and as such you'll lose source address info at the webserver) would
make for fine packages.  I'm personally not interested in creating
such a package (and the original load balance code was sponsored so
had restrictions), but I'd be more than willing to give pointers to
someone wanting to work on packaging either of these.

> > I suppose the main questions here are how important it is that you
> > have more frequent polling (which btw, will increase the load on the
> > web servers since we'll be hitting them more frequently), how
> > important the "better" load balancing features are to you, and how
> > much you're willing to spend.
>
> I think being able to tune the time would be most practical to the
> nearest tenth of a second (above, say, 5s could have a granularity of
> 1s), we're likely to be a high traffic site so it'd represent a
> negligible impact overall.

We could probably do to the nearest second (I'd suggest that the
minimum we could safely do with our current monitoring solution is
likely to be 2 seconds) - it'll be a box wide setting as the polling
timing isn't specified on a virtual server basis.

> I am happy to have a hack at the code and/or be a beta tester for this.

I'll likely hit on this during the hackathon, I'll shoot you an email
in mid October.

--Bill
