-----Original Message----- From: Ermal Luçi [mailto:ermal.l...@gmail.com] Sent: 12 June 2009 12:48 To: support@pfsense.com Subject: Re: [pfSense Support] Inbound load balancer performance under heavy load.
Can you please try a later snapshot after 11062009 it seems you had problems with sticky-connections! Though without analysis i might be compeletly WRONG. Ermal On Fri, Jun 12, 2009 at 12:52 PM, Jose Hernandez<j...@vidzone.tv> wrote: > It is fine Tebano, > > > > I appreciate your answer and as you said there are not other limitations > documented nor any other issues I could find anywhere, and I did spend some > time researching > > > > Regards, > > > > Jose Hernandez > Software and Systems Senior Engineer > VIDZONE DIGITAL MEDIA > > > > From: Tebano epaminonda [mailto:l_epa_m_ino...@hotmail.com] > Sent: 12 June 2009 11:44 > To: support@pfsense.com > Subject: RE: [pfSense Support] Inbound load balancer performance under heavy > load. > > > > > > ________________________________ > > From: j...@vidzone.tv > To: support@pfsense.com > Date: Fri, 12 Jun 2009 11:33:54 +0100 > Subject: RE: [pfSense Support] Inbound load balancer performance under heavy > load. > > Thank for your response, however the limitations on the featured list are > not the cause of the problem I am happy with the load balancer to equally > distribute the load, also happy with the firewall not checking for a valid > response but there seems to be any other limitation not listed > > > > Regards, > > > > Jose Hernandez > Software and Systems Senior Engineer > VIDZONE DIGITAL MEDIA > > > > ------------------------------------------------------------- > > > > Hi Josè. > > Sorry for the misunderstanding. > > I was simply trying to say that there aren't other limitation (that I know), > except the ones I've pasted You. > > Probably my answer wasn't really wroten correctly... sorry! > > Cheers. > > Tebano. > > > > From: Tebano epaminonda [mailto:l_epa_m_ino...@hotmail.com] > Sent: 12 June 2009 11:11 > To: support@pfsense.com > Subject: RE: [pfSense Support] Inbound load balancer performance under heavy > load. > > > > > > ________________________________ > > From: j...@vidzone.tv > To: support@pfsense.com > Date: Fri, 12 Jun 2009 10:29:03 +0100 > Subject: [pfSense Support] Inbound load balancer performance under heavy > load. > > Hi, > > > > Yesterday we had a service launch, and pfSense inbound load balancer let me > down big time We have been using pfSense 1.2-release version installed on > Dell PowerEdge R200 and CARP for redundancy for around a year now, it probed > to work although we never have had a very high load. > > > > Yesterday right after we launch the service, we start getting complaints of > many requests failing from users. After some investigation it was clear that > the request were not getting through to our systems!!! > > > > The only indication of something going bad was the traffic graph (attached > is a screen grab), it was picking up and down as never before We did some > load testing last week and the week before and we were seeing ~100Mbps > constant outbound speed, we also have seen in the past ~100Mbps inbound > speeds So I first blame our IP transit provider, after contacting them, > they confirmed to me that no packets were being lost or dropped anywhere in > their network and that their systems were just fine so the only other thing > that could be causing the problem was pfSense however I couldnt find any > indication of anything going wrong but the traffic graph memory and > processor were fine, states table size, no packets dropped in RRD Graphs, > etc > > > > After tweaking many settings in pfSense with no joy, I finally removed the > Virtual Server and created a NAT Port Forward to only one of our web servers > layer at the backend and that fixed the problem of requests not getting > through and the traffic graph was again stable I wonder if it is there any > known issue with the inbound load balancer I think the problem was with the > number of source IPs or states it had to deal with (after the load balancer > was removed, the states picked up to ~210000, as when load testing we tested > from a bunch of ~10 IPs > > > > The problem is that we do need load balancing, mainly for redundancy of our > systems at the back end > > > > The inbound load balancer that was set up had 3 servers in the pool and, the > port was HTTPS and TCP monitor was configured > > > > Is there anything in version 1.2-release that affects the performance of the > inbound load balancer? Would this performance issues go away if I upgrade to > the latest stable version, currently 1.2.2? > > > > We are also thinking in getting commercial support, however we are not sure > if this will help as we dont know if pfSense is actually able to take the > load > > > > Can anyone shed some light into this issues we are having? > > > > Regards, > > > > Jose Hernandez > > Software and Systems Senior Engineer > > VIDZONE DIGITAL MEDIA > > > > GET IN THE VIDZONE > > > > > > > > The contents of this e-mail and any attachments/inserts are strictly > confidential and sent for the attention of the addressee/s only. This e-mail > might contain confidential and/or privileged material therefore if you are > not the addressee/s, any distribution, review, disclosure, copying or other > use of this e-mail and any attachments/inserts is prohibited without written > provision. If received in error, please advise the sender and delete it from > your system immediately. Statements and opinions expressed may not represent > those of Rants Ltd and any representations or commitments in this email are > subject to contract. > > Rants Ltd (trading as VidZone) > > > > > > --- > > > > Hi. > > From features list: > > Inbound Load Balancing > > Inbound load balancing is used to distribute load between multiple servers. > This is commonly used with web servers, mail servers, and others. Servers > that fail to respond to ping requests or TCP port connections are removed > from the pool. > > Limitations > > Equally distributes load between all available servers - unable to unequally > distribute load between servers at this time. > Only checks if the server responds to pings or TCP port connections. Cannot > check if the server is returning valid content. > > More info on: > http://pfsense.org/index.php?option=com_content&task=view&id=40&Itemid=43 > > Cheers. > Tebano. > > > > ________________________________ > > check out the rest of the Windows Live. More than mailWindows Live goes > way beyond your inbox. More than messages > > > > ________________________________ > > check out the rest of the Windows Live. More than mailWindows Live goes > way beyond your inbox. More than messages -- Ermal --------------------------------------------------------------------- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org Hi Erma, You say that the problem would be with the sticky-connection... is that a fact? I don't really need sticky connections... In the middle of the crisis, I did removed the sticky-connections from the Advanced menu, but that didn't fix the problem, although I didn't restart pfsense nor sldb... is this change picked as soon as it is saved? If I remove the sticky connections and restart pfsense or sldb, would this fix the problem? About trying another version, I would, but this is now a global service and I need to be sure that the problem is going to be fixed... or at least a convincing explanation of what I am trying, have been any bug fixes in the latest release for the load balancer? Were those fixed bugs the reason the load balancer was failing for me? as I cannot just try and bring the service down for no other reason than trying. Regards, Jose --------------------------------------------------------------------- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org