From owner-freebsd-stable@freebsd.org Mon Jan 14 16:23:34 2019 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 601F814A4C71 for ; Mon, 14 Jan 2019 16:23:34 +0000 (UTC) (envelope-from mark@exonetric.com) Received: from relay.exonetric.net (relay0.exonetric.net [178.250.72.161]) by mx1.freebsd.org (Postfix) with ESMTP id 84C2169B5C for ; Mon, 14 Jan 2019 16:23:33 +0000 (UTC) (envelope-from mark@exonetric.com) Received: from [10.217.43.164] (unknown [109.144.220.20]) by relay.exonetric.net (Postfix) with ESMTPSA id C6AE22BBDD; Mon, 14 Jan 2019 16:23:25 +0000 (GMT) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (1.0) Subject: Re: Any suggestions for a layer 3 load ablancer for 12, as relayd doesnt work anymore From: Mark Blackman X-Mailer: iPad Mail (16C50) In-Reply-To: Date: Mon, 14 Jan 2019 16:23:24 +0000 Cc: freebsd-stable@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: <3D5F990E-5E0E-4B5C-9D9B-C0A1C1F7EDCB@exonetric.com> References: To: Pete French X-Rspamd-Queue-Id: 84C2169B5C X-Spamd-Bar: ++++ Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [4.43 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; MV_CASE(0.50)[]; NEURAL_SPAM_SHORT(0.84)[0.837,0]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[exonetric.com]; AUTH_NA(1.00)[]; NEURAL_SPAM_MEDIUM(0.83)[0.825,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; MX_GOOD(-0.01)[exonetric.com.in.heluna.com,exonetric.com.in.heluna.com,exonetric.com.in.heluna.com]; RCPT_COUNT_TWO(0.00)[2]; NEURAL_SPAM_LONG(0.99)[0.989,0]; R_SPF_NA(0.00)[]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:12290, ipnet:178.250.72.0/21, country:GB]; MID_RHS_MATCH_FROM(0.00)[]; IP_SCORE(0.29)[ipnet: 178.250.72.0/21(1.23), asn: 12290(0.30), country: GB(-0.09)]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Jan 2019 16:23:34 -0000 > On 14 Jan 2019, at 16:15, Pete French wrote: >=20 > So, until the middle of this afternoon I was, doing my load balancing usin= g > relayd from ports and PF. My own fault for not checking, but I upgraded > one of the firewall pair to 12 and then discovered that the relayd port is= > no longer available. >=20 > Am now puzzling over solutions to this - I dont really want to stay on > 11 forevere. Moving to OpenBSD to get their PF and relayd is a bit of > an uncomfortable idea as we gain a lot from having one OS everywhere that > people know, so does anyone have any suggestions ? >=20 > PF round robin is not good enough for this as I have some dynamic problems= > which indicate when a node is up or down. Relayd will check these, but the= > basic PF wil not as far as I know. >=20 > What do other people do ? Use HAproxy for basic load balancing and Traefik for more sophisticated usag= e. Not sure how you get seamless failover with either though. That was the n= ice thing about relayd/PF - Mark=