From owner-freebsd-pf@FreeBSD.ORG Mon Nov 2 11:07:01 2009 Return-Path: Delivered-To: freebsd-pf@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0087C106566B for ; Mon, 2 Nov 2009 11:07:01 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id D917C8FC13 for ; Mon, 2 Nov 2009 11:07:00 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id nA2B70Vh033683 for ; Mon, 2 Nov 2009 11:07:00 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id nA2B70Ct033681 for freebsd-pf@FreeBSD.org; Mon, 2 Nov 2009 11:07:00 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 2 Nov 2009 11:07:00 GMT Message-Id: <200911021107.nA2B70Ct033681@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-pf@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-pf@FreeBSD.org X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Nov 2009 11:07:01 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/137982 pf [pf] when pf can hit state limits, random IP failures o kern/136781 pf [pf] Packets appear to drop with pf scrub and if_bridg o kern/135948 pf [pf] [gre] pf not natting gre protocol o kern/135162 pf [pfsync] pfsync(4) not usable with GENERIC kernel o kern/134996 pf [pf] Anchor tables not included when pfctl(8) is run w o kern/133732 pf [pf] max-src-conn issue o kern/132769 pf [pf] [lor] 2 LOR's with pf task mtx / ifnet and rtent f kern/132176 pf [pf] pf stalls connection when using route-to [regress o conf/130381 pf [rc.d] [pf] [ip6] ipv6 not fully configured when pf st o kern/129861 pf [pf] [patch] Argument names reversed in pf_table.c:_co o kern/127920 pf [pf] ipv6 and synproxy don't play well together o conf/127814 pf [pf] The flush in pf_reload in /etc/rc.d/pf does not w o kern/127439 pf [pf] deadlock in pf f kern/127345 pf [pf] Problem with PF on FreeBSD7.0 [regression] o kern/127121 pf [pf] [patch] pf incorrect log priority o kern/127042 pf [pf] [patch] pf recursion panic if interface group is o kern/125467 pf [pf] pf keep state bug while handling sessions between s kern/124933 pf [pf] [ip6] pf does not support (drops) IPv6 fragmented o kern/124364 pf [pf] [panic] Kernel panic with pf + bridge o kern/122773 pf [pf] pf doesn't log uid or pid when configured to o kern/122014 pf [pf] [panic] FreeBSD 6.2 panic in pf o kern/121704 pf [pf] PF mangles loopback packets o kern/120281 pf [pf] [request] lost returning packets to PF for a rdr o kern/120057 pf [pf] [patch] Allow proper settings of ALTQ_HFSC. The c o bin/118355 pf [pf] [patch] pfctl(8) help message options order false o kern/114567 pf [pf] [lor] pf_ioctl.c + if.c o kern/114095 pf [carp] carp+pf delay with high state limit o kern/111220 pf [pf] repeatable hangs while manipulating pf tables s conf/110838 pf [pf] tagged parameter on nat not working on FreeBSD 5. o kern/103283 pf pfsync fails to sucessfully transfer some sessions o kern/103281 pf pfsync reports bulk update failures o kern/93825 pf [pf] pf reply-to doesn't work o sparc/93530 pf [pf] Incorrect checksums when using pf's route-to on s o kern/92949 pf [pf] PF + ALTQ problems with latency o bin/86635 pf [patch] pfctl(8): allow new page character (^L) in pf. o kern/82271 pf [pf] cbq scheduler cause bad latency 36 problems total. From owner-freebsd-pf@FreeBSD.ORG Fri Nov 6 11:46:21 2009 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8824D106566C for ; Fri, 6 Nov 2009 11:46:21 +0000 (UTC) (envelope-from andre@netvision.com.br) Received: from mx.netvision.com.br (mx.netvision.com.br [200.215.94.31]) by mx1.freebsd.org (Postfix) with ESMTP id 42E998FC08 for ; Fri, 6 Nov 2009 11:46:21 +0000 (UTC) Received: from mx.netvision.com.br (unknown [127.0.0.1]) by mailer.netvision.com.br (Postfix) with ESMTP id F0F211CBB92 for ; Fri, 6 Nov 2009 09:30:11 -0200 (BRST) Received: from mail.home (unknown [172.20.5.3]) by mx.netvision.com.br (Postfix) with ESMTPA id 91D7D9E8DC for ; Fri, 6 Nov 2009 09:30:11 -0200 (BRST) Received: by homemail.fastville.com.br (Postfix, from userid 1003) id 5745B68975; Fri, 6 Nov 2009 11:30:11 +0000 (UTC) Date: Fri, 6 Nov 2009 11:30:11 +0000 From: =?utf-8?B?QW5kcsOp?= Luiz dos Santos To: freebsd-pf@freebsd.org Message-ID: <20091106113011.GA25470@homemail.fastville.com.br> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline X-Milter-Next-Postfix-Instance: Normal Subject: PF route-to on 7.2-RELEASE-p4 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Nov 2009 11:46:21 -0000 I was getting the following panic on 7.2-RELEASE-p4 a few times a day. I removed all "route-to" from the ruleset and it's been 24 hours without any panics. Fatal trap 12: page fault while in kernel mode cpuid = 0; apic id = 00 fault virtual address = 0xc fault code = supervisor read, page not present instruction pointer = 0x20:0xc0834736 stack pointer = 0x28:0xc3f5f974 frame pointer = 0x28:0xc3f5f9a0 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 31 (irq23: rl0 ehci0) trap number = 12 panic: page fault cpuid = 0 GEOM_MIRROR: Device floor: rebuilding provider ad2s1a stopped. Uptime: 47m14s Physical memory: 1002 MB (kgdb) bt #0 doadump () at pcpu.h:196 #1 0xc07e25f7 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:418 #2 0xc07e28c9 in panic (fmt=Variable "fmt" is not available. ) at /usr/src/sys/kern/kern_shutdown.c:574 #3 0xc0ae3f2c in trap_fatal (frame=0xc3f5f934, eva=12) at /usr/src/sys/i386/i386/trap.c:939 #4 0xc0ae41b0 in trap_pfault (frame=0xc3f5f934, usermode=0, eva=12) at /usr/src/sys/i386/i386/trap.c:852 #5 0xc0ae4b5c in trap (frame=0xc3f5f934) at /usr/src/sys/i386/i386/trap.c:530 #6 0xc0ac926b in calltrap () at /usr/src/sys/i386/i386/exception.s:159 #7 0xc0834736 in m_copym (m=0x0, off0=1500, len=1480, wait=1) at /usr/src/sys/kern/uipc_mbuf.c:539 #8 0xc08c6eb5 in ip_fragment (ip=0xc5568810, m_frag=0xc3f5fa44, mtu=1500, if_hwassist_flags=0, sw_csum=3073) at /usr/src/sys/netinet/ip_output.c:731 #9 0xc513e061 in pf_route (m=0xc3f5fb94, r=0xc518b33c, dir=1, oifp=0xc41d9c00, s=0x0, pd=0xc3f5faa0) at /usr/src/sys/modules/pf/../../contrib/pf/net/pf.c:6321 #10 0xc513d14f in pf_test (dir=1, ifp=0xc41d9c00, m0=0xc3f5fb94, eh=0x0, inp=0x0) at /usr/src/sys/modules/pf/../../contrib/pf/net/pf.c:7125 #11 0xc5144b69 in pf_check_in (arg=0x0, m=0xc3f5fb94, ifp=0xc41d9c00, dir=1, inp=0x0) at /usr/src/sys/modules/pf/../../contrib/pf/net/pf_ioctl.c:3647 #12 0xc088c528 in pfil_run_hooks (ph=0xc0cbf0c0, mp=0xc3f5fbf0, ifp=0xc41d9c00, dir=1, inp=0x0) at /usr/src/sys/net/pfil.c:78 #13 0xc08c5b0a in ip_input (m=0xc6c8d100) at /usr/src/sys/netinet/ip_input.c:416 #14 0xc088acc5 in netisr_dispatch (num=2, m=0xc6c8d100) at /usr/src/sys/net/netisr.c:185 #15 0xc0880c61 in ether_demux (ifp=0xc41d9c00, m=0xc6c8d100) at /usr/src/sys/net/if_ethersubr.c:834 #16 0xc0881053 in ether_input (ifp=0xc41d9c00, m=0xc6c8d100) at /usr/src/sys/net/if_ethersubr.c:692 #17 0xc09ad0d2 in rl_rxeof (sc=0xc4210000) at /usr/src/sys/pci/if_rl.c:1320 #18 0xc09ae0ea in rl_intr (arg=0xc4210000) at /usr/src/sys/pci/if_rl.c:1477 #19 0xc07c055b in ithread_loop (arg=0xc41f7410) at /usr/src/sys/kern/kern_intr.c:1088 #20 0xc07bd0a9 in fork_exit (callout=0xc07c03a0 , arg=0xc41f7410, frame=0xc3f5fd38) at /usr/src/sys/kern/kern_fork.c:810 #21 0xc0ac92e0 in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:264 (kgdb) From owner-freebsd-pf@FreeBSD.ORG Fri Nov 6 15:33:49 2009 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7BB47106566C for ; Fri, 6 Nov 2009 15:33:49 +0000 (UTC) (envelope-from k@kevinkevin.com) Received: from mail-yw0-f178.google.com (mail-yw0-f178.google.com [209.85.211.178]) by mx1.freebsd.org (Postfix) with ESMTP id 3C7738FC1D for ; Fri, 6 Nov 2009 15:33:49 +0000 (UTC) Received: by ywh8 with SMTP id 8so1040730ywh.3 for ; Fri, 06 Nov 2009 07:33:48 -0800 (PST) Received: by 10.101.152.17 with SMTP id e17mr4369321ano.33.1257521628270; Fri, 06 Nov 2009 07:33:48 -0800 (PST) Received: from kevin (not.enough.unixsluts.com [76.10.166.187]) by mx.google.com with ESMTPS id 4sm57219ywg.43.2009.11.06.07.33.46 (version=TLSv1/SSLv3 cipher=RC4-MD5); Fri, 06 Nov 2009 07:33:47 -0800 (PST) From: "Kevin" To: Date: Fri, 6 Nov 2009 10:33:22 -0500 Message-ID: <00a201ca5ef6$7a4f3ee0$6eedbca0$@com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook 12.0 thread-index: Acpe9neXMRi4YDckQuO9n1P83moOTw== Content-Language: en-us x-cr-hashedpuzzle: AEVI AXWX Aavu Az0i BtDI CHGO CHZE ELb0 FfcD FjTI FlPM GlCV H6u4 IPzy JZLq Kykq; 1; ZgByAGUAZQBiAHMAZAAtAHAAZgBAAGYAcgBlAGUAYgBzAGQALgBvAHIAZwA=; Sosha1_v1; 7; {19F614DF-5D99-4BE3-8286-824C05DB3A4C}; awBAAGsAZQB2AGkAbgBrAGUAdgBpAG4ALgBjAG8AbQA=; Fri, 06 Nov 2009 15:33:19 GMT; UQB1AGUAcwB0AGkAbwBuACAAYQBiAG8AdQB0ACAAcgBvAHUAbgBkACAAcgBvAGIAaQBuAA== x-cr-puzzleid: {19F614DF-5D99-4BE3-8286-824C05DB3A4C} Subject: Question about round robin X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Nov 2009 15:33:49 -0000 Hello, I am curious about simple round robin load balancing w/ PF. I see how simple it is to setup within the FreeBSD configuration file, but have a fairly simple question. Does PF detect if one of the addresses in the "pool" is not responsive? Or does it just blindly send traffic to all the addresses in the pool regardless? Is there some sort of heartbeat functionality or status check perhaps? Has anyone accomplished something along these lines? Load balancing would be pretty useless if I couldn't take a server out of the pool without having to re-configure PF every time. Any comments are appreciated! Thanks, Kevin www.stardothosting.com From owner-freebsd-pf@FreeBSD.ORG Fri Nov 6 16:02:03 2009 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 74FA71065676 for ; Fri, 6 Nov 2009 16:02:03 +0000 (UTC) (envelope-from k@kevinkevin.com) Received: from mail-yx0-f171.google.com (mail-yx0-f171.google.com [209.85.210.171]) by mx1.freebsd.org (Postfix) with ESMTP id 340ED8FC0C for ; Fri, 6 Nov 2009 16:02:02 +0000 (UTC) Received: by yxe1 with SMTP id 1so1067633yxe.3 for ; Fri, 06 Nov 2009 08:02:02 -0800 (PST) Received: by 10.101.72.11 with SMTP id z11mr4402340ank.189.1257523311737; Fri, 06 Nov 2009 08:01:51 -0800 (PST) Received: from kevin (not.enough.unixsluts.com [76.10.166.187]) by mx.google.com with ESMTPS id 22sm64784ywh.30.2009.11.06.08.01.49 (version=TLSv1/SSLv3 cipher=RC4-MD5); Fri, 06 Nov 2009 08:01:50 -0800 (PST) From: "Kevin" To: "'no name'" References: <00a201ca5ef6$7a4f3ee0$6eedbca0$@com> <-3431979369893017739@unknownmsgid> In-Reply-To: <-3431979369893017739@unknownmsgid> Date: Fri, 6 Nov 2009 11:01:24 -0500 Message-ID: <00a501ca5efa$65640890$302c19b0$@com> MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Office Outlook 12.0 thread-index: Acpe+RjVEqt5YNuvQjyKKFi2iz7xegAAJZrA Content-Language: en-us Cc: freebsd-pf@freebsd.org Subject: RE: Question about round robin X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Nov 2009 16:02:03 -0000 > -----Original Message----- > From: no name [mailto:britneyfreek@googlemail.com] > Sent: Friday, November 06, 2009 10:52 AM > To: Kevin > Cc: freebsd-pf@freebsd.org > Subject: Re: Question about round robin >=20 > i am not quite sure but i assume pf does no availabililtty checks as > responses from systems behind an address might take too long... >=20 > - regards >=20 > Am 06.11.2009 um 16:34 schrieb "Kevin" : >=20 > > Hello, > > > > > > > > I am curious about simple round robin load balancing w/ PF. I see > > how simple > > it is to setup within the FreeBSD configuration file, but have a > > fairly > > simple question. > > > > Does PF detect if one of the addresses in the "pool" is not > > responsive? Or > > does it just blindly send traffic to all the addresses in the pool > > regardless? Is there some sort of heartbeat functionality or status > > check > > perhaps? Has anyone accomplished something along these lines? Load > > balancing > > would be pretty useless if I couldn't take a server out of the pool > > without > > having to re-configure PF every time. > > > > > > Any comments are appreciated! > > > > > > Thanks, > > > > > > Kevin > > www.stardothosting.com I've searched the freebsd-* mailing list as well as gone through the = handbook regarding load balancing w/ PF = (http://www.openbsd.org/faq/pf/pools.html) and found no mention of any = kind of inherent availability checks or anything along those lines. Have = I missed something?=20 Seems that all the options (bitmask, random, source-hash, round-robin) = provide for different ways to distribute traffic to the servers, but if = a server dies or becomes unresponsive it would compromise the pool in = itself. Most other load balancing solutions such as LVS can be = incorporated with keepalived to allow for status checking. I would love to know anyone who may have implemented a solution like = that with PF + round robin. Thanks, Kevin From owner-freebsd-pf@FreeBSD.ORG Fri Nov 6 16:15:59 2009 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 56D3A1065694 for ; Fri, 6 Nov 2009 16:15:59 +0000 (UTC) (envelope-from britneyfreek@googlemail.com) Received: from mail-pw0-f44.google.com (mail-pw0-f44.google.com [209.85.160.44]) by mx1.freebsd.org (Postfix) with ESMTP id 2D3578FC20 for ; Fri, 6 Nov 2009 16:15:58 +0000 (UTC) Received: by pwj15 with SMTP id 15so757745pwj.3 for ; Fri, 06 Nov 2009 08:15:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:references:from:in-reply-to:mime-version:date :received:message-id:subject:to:cc:content-type; bh=qjwOL6LwDTBo5dGHml+2bI+kg3wtPhj32QbuRnLZS3U=; b=D6Efgyq8ng/2dov4UsCwWzUke8N0hk9YSbj2IQ7dfiwj21mUudohIPhnf+c4TsVm8G 0100uslHqwz8dTwIQNtLNY8fMQoZ3b2xGLmWrSOsL79+Zwt9+4ZXOyvvYPssUUwNUWtx gaFUvZL4FLnp83cBaBdUiM7Z0pDleNeG8tCbI= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=references:from:in-reply-to:mime-version:date:message-id:subject:to :cc:content-type; b=tC8wFfL9WuQCy8yC3zOQneVJONTBCaC9Tfizl+2GcnL4pBaZxOKLdx1+N/pciF40Eq J4uN2Gp4zmOvKcnom5a9U2Nd2wJw45WrBIdhj6stOG2DY0i+2wps4OfxDiX54Z5ylBPp kMDikkxS8LKpnwsdTl2wYODJq8KOnvZCow4Z4= References: <00a201ca5ef6$7a4f3ee0$6eedbca0$@com> From: no name In-Reply-To: <00a201ca5ef6$7a4f3ee0$6eedbca0$@com> Mime-Version: 1.0 (iPhone Mail 7D11) Date: Fri, 6 Nov 2009 16:51:52 +0100 Received: by 10.140.162.20 with SMTP id k20mr247154rve.255.1257522725742; Fri, 06 Nov 2009 07:52:05 -0800 (PST) Message-ID: <-3431979369893017739@unknownmsgid> To: Kevin Content-Type: text/plain; charset=UTF-8 Cc: "freebsd-pf@freebsd.org" Subject: Re: Question about round robin X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Nov 2009 16:15:59 -0000 i am not quite sure but i assume pf does no availabililtty checks as responses from systems behind an address might take too long... - regards Am 06.11.2009 um 16:34 schrieb "Kevin" : > Hello, > > > > I am curious about simple round robin load balancing w/ PF. I see > how simple > it is to setup within the FreeBSD configuration file, but have a > fairly > simple question. > > Does PF detect if one of the addresses in the "pool" is not > responsive? Or > does it just blindly send traffic to all the addresses in the pool > regardless? Is there some sort of heartbeat functionality or status > check > perhaps? Has anyone accomplished something along these lines? Load > balancing > would be pretty useless if I couldn't take a server out of the pool > without > having to re-configure PF every time. > > > Any comments are appreciated! > > > Thanks, > > > Kevin > www.stardothosting.com > > > > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" From owner-freebsd-pf@FreeBSD.ORG Fri Nov 6 16:23:43 2009 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B70131065670 for ; Fri, 6 Nov 2009 16:23:43 +0000 (UTC) (envelope-from CatalinM@starcomms.com) Received: from webmail.starcomms.com (webmail.starcomms.com [41.205.191.5]) by mx1.freebsd.org (Postfix) with SMTP id 207668FC0C for ; Fri, 6 Nov 2009 16:23:42 +0000 (UTC) Received: from STA-HQ-S001.starcomms.local ([172.16.2.28]) by webmail.starcomms.com with Microsoft SMTPSVC(6.0.3790.3959); Fri, 6 Nov 2009 17:23:17 +0100 X-MIMEOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Date: Fri, 6 Nov 2009 17:23:14 +0100 Message-ID: <3A0AA7018522134597ED63B3B794C92A0702E0A4@STA-HQ-S001.starcomms.local> In-Reply-To: <-3431979369893017739@unknownmsgid> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Question about round robin Thread-Index: Acpe/KUEGy8h8b97TJCsECmAwd5YMgAAGdGw References: <00a201ca5ef6$7a4f3ee0$6eedbca0$@com> <-3431979369893017739@unknownmsgid> From: "Catalin Miclaus" To: "no name" , "Kevin" X-OriginalArrivalTime: 06 Nov 2009 16:23:17.0437 (UTC) FILETIME=[728276D0:01CA5EFD] X-NAIMIME-Disclaimer: 1 X-NAIMIME-Modified: 1 Cc: freebsd-pf@freebsd.org Subject: RE: Question about round robin X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Nov 2009 16:23:43 -0000 As workaround you can write a script to check availability and update pf = config accordingly that you can run from cron every minute. Catalin Miclaus I ISP/Data Team Starcomms Plc. -----Original Message----- From: owner-freebsd-pf@freebsd.org [mailto:owner-freebsd-pf@freebsd.org] = On Behalf Of no name Sent: Friday, November 06, 2009 4:52 PM To: Kevin Cc: freebsd-pf@freebsd.org Subject: Re: Question about round robin i am not quite sure but i assume pf does no availabililtty checks as responses from systems behind an address might take too long... - regards Am 06.11.2009 um 16:34 schrieb "Kevin" : > Hello, > > > > I am curious about simple round robin load balancing w/ PF. I see > how simple > it is to setup within the FreeBSD configuration file, but have a > fairly > simple question. > > Does PF detect if one of the addresses in the "pool" is not > responsive? Or > does it just blindly send traffic to all the addresses in the pool > regardless? Is there some sort of heartbeat functionality or status > check > perhaps? Has anyone accomplished something along these lines? Load > balancing > would be pretty useless if I couldn't take a server out of the pool > without > having to re-configure PF every time. > > > Any comments are appreciated! > > > Thanks, > > > Kevin > www.stardothosting.com > > > > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" _______________________________________________ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" DISCLAIMER: The information contained in this message (including any atta= chments) is confidential and may be privileged. If you have received it b= y mistake please notify the sender by return e-mail and permanently delet= e this message and any attachments from your system. Any form of dissemin= ation, use, review, distribution, printing or copying of this message in = whole or in part is strictly prohibited if you are not the intended recip= ient of this e-mail. Please note that e-mails are susceptible to change. = STARCOMMS PLC shall not be liable for the improper or incomplete transmis= sion of the information contained in this communication nor for any delay= in its receipt or damage to your system. STARCOMMS PLC does not guarante= e that the integrity of this communication has been maintained or that th= is communication is free of viruses, interceptions or interferences. STAR= COMMS PLC reserves the right to monitor all e-mail communications, whethe= r related to the business of STARCOMMS or not, through its internal or ex= ternal networks. From owner-freebsd-pf@FreeBSD.ORG Fri Nov 6 16:35:48 2009 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2642E106566C for ; Fri, 6 Nov 2009 16:35:48 +0000 (UTC) (envelope-from sullrich@gmail.com) Received: from mail-bw0-f213.google.com (mail-bw0-f213.google.com [209.85.218.213]) by mx1.freebsd.org (Postfix) with ESMTP id A7FD08FC1A for ; Fri, 6 Nov 2009 16:35:47 +0000 (UTC) Received: by bwz5 with SMTP id 5so1375456bwz.3 for ; Fri, 06 Nov 2009 08:35:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :from:date:message-id:subject:to:cc:content-type :content-transfer-encoding; bh=D3m15kP+crAOTmqvWYGriQxa0A+kxRqiBLyjWcBvlGc=; b=JwBo2Pr2/ahRZkXBLuzn9/2fgciyFcvMJxrBzIg7XUN42ewfOLAdJxIBCYkaLntH/s dnNXen6KE4/iNegr2eCG1y0I7rzhHAvUShJdG/4ziZcSpmYJU1BkOKEFt7XIZLIBHWMv uX+Ys9ARf2QGPUClVTXadwGz+NdoD5lRe/CqM= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:content-transfer-encoding; b=UOURdK1XTQMOJaZn2qFi6P0ppV2PCXbF5cMIq+bw7CX5qIC54QNaVhCG5hcMOHR/nI HmL67SYXPZFHhzBDSnfilM0rLNCmrtGHV6Tj3mXLMPEeBqvGVmVE6QI0IrJiSU3PPDPA c1r66rRE2fyO9V1BvRwU636BItG5dimK4tnUM= MIME-Version: 1.0 Received: by 10.204.25.19 with SMTP id x19mr4851313bkb.189.1257525346299; Fri, 06 Nov 2009 08:35:46 -0800 (PST) In-Reply-To: <00a501ca5efa$65640890$302c19b0$@com> References: <00a201ca5ef6$7a4f3ee0$6eedbca0$@com> <-3431979369893017739@unknownmsgid> <00a501ca5efa$65640890$302c19b0$@com> From: Scott Ullrich Date: Fri, 6 Nov 2009 11:35:26 -0500 Message-ID: To: Kevin Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: no name , freebsd-pf@freebsd.org Subject: Re: Question about round robin X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Nov 2009 16:35:48 -0000 On Fri, Nov 6, 2009 at 11:01 AM, Kevin wrote: > I've searched the freebsd-* mailing list as well as gone through the hand= book regarding load balancing w/ PF (http://www.openbsd.org/faq/pf/pools.ht= ml) and found no mention of any kind of inherent availability checks or any= thing along those lines. Have I missed something? > > Seems that all the options (bitmask, random, source-hash, round-robin) pr= ovide for different ways to distribute traffic to the servers, but if a ser= ver dies or becomes unresponsive it would compromise the pool in itself. Mo= st other load balancing solutions such as LVS can be incorporated with keep= alived to allow for status checking. > > I would love to know anyone who may have implemented a solution like that= with PF + round robin. Take a look at relayd and slbd. Scott From owner-freebsd-pf@FreeBSD.ORG Fri Nov 6 16:45:56 2009 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D36E11065672 for ; Fri, 6 Nov 2009 16:45:56 +0000 (UTC) (envelope-from max@love2party.net) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.171]) by mx1.freebsd.org (Postfix) with ESMTP id 655BF8FC18 for ; Fri, 6 Nov 2009 16:45:56 +0000 (UTC) Received: from vampire.homelinux.org (dslb-088-066-012-167.pools.arcor-ip.net [88.66.12.167]) by mrelayeu.kundenserver.de (node=mreu1) with ESMTP (Nemesis) id 0MAASz-1N0AYt2J3p-00BFvX; Fri, 06 Nov 2009 17:45:55 +0100 Received: (qmail 99768 invoked from network); 6 Nov 2009 16:45:53 -0000 Received: from kvm.laiers.local (HELO kvm.localnet) (192.168.4.188) by ns1.laiers.local with SMTP; 6 Nov 2009 16:45:53 -0000 From: Max Laier Organization: FreeBSD To: freebsd-pf@freebsd.org Date: Fri, 6 Nov 2009 17:45:51 +0100 User-Agent: KMail/1.12.2 (Linux/2.6.31-ARCH; KDE/4.3.2; x86_64; ; ) References: <00a201ca5ef6$7a4f3ee0$6eedbca0$@com> <00a501ca5efa$65640890$302c19b0$@com> In-Reply-To: MIME-Version: 1.0 Content-Type: Text/Plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <200911061745.52616.max@love2party.net> X-Provags-ID: V01U2FsdGVkX18XSZ5C23r6c17K76B/Ze5LtLPyotLVEqnbcHB hG5w5fUHrN/Web/h9DJisMdhD4Gee9Y5BNwX+i21arw7tGWt05 uXgnv9OJ3CH2WVqCYi75g== Cc: no name Subject: Re: Question about round robin X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Nov 2009 16:45:56 -0000 On Friday 06 November 2009 17:35:26 Scott Ullrich wrote: > On Fri, Nov 6, 2009 at 11:01 AM, Kevin wrote: > > I've searched the freebsd-* mailing list as well as gone through the > > handbook regarding load balancing w/ PF > > (http://www.openbsd.org/faq/pf/pools.html) and found no mention of any > > kind of inherent availability checks or anything along those lines. Have > > I missed something? > > > > Seems that all the options (bitmask, random, source-hash, round-robin) > > provide for different ways to distribute traffic to the servers, but if a > > server dies or becomes unresponsive it would compromise the pool in > > itself. Most other load balancing solutions such as LVS can be > > incorporated with keepalived to allow for status checking. > > > > I would love to know anyone who may have implemented a solution like that > > with PF + round robin. > > Take a look at relayd and slbd. I was about to say ... http://www.freshports.org/net/relayd/ -- /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News From owner-freebsd-pf@FreeBSD.ORG Fri Nov 6 16:47:54 2009 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2D9AD106566C for ; Fri, 6 Nov 2009 16:47:54 +0000 (UTC) (envelope-from k@kevinkevin.com) Received: from mail-yw0-f178.google.com (mail-yw0-f178.google.com [209.85.211.178]) by mx1.freebsd.org (Postfix) with ESMTP id E196D8FC18 for ; Fri, 6 Nov 2009 16:47:53 +0000 (UTC) Received: by ywh8 with SMTP id 8so1109228ywh.3 for ; Fri, 06 Nov 2009 08:47:53 -0800 (PST) Received: by 10.101.169.1 with SMTP id w1mr86448ano.26.1257526070449; Fri, 06 Nov 2009 08:47:50 -0800 (PST) Received: from kevin (not.enough.unixsluts.com [76.10.166.187]) by mx.google.com with ESMTPS id 23sm76669ywh.3.2009.11.06.08.47.48 (version=TLSv1/SSLv3 cipher=RC4-MD5); Fri, 06 Nov 2009 08:47:49 -0800 (PST) From: "Kevin" To: "'Max Laier'" , References: <00a201ca5ef6$7a4f3ee0$6eedbca0$@com> <00a501ca5efa$65640890$302c19b0$@com> <200911061745.52616.max@love2party.net> In-Reply-To: <200911061745.52616.max@love2party.net> Date: Fri, 6 Nov 2009 11:47:23 -0500 Message-ID: <00a801ca5f00$d182a800$7487f800$@com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook 12.0 thread-index: AcpfAJxG2xvTFDAPQDyhaJ/IyfT7ewAAAU1A Content-Language: en-us Cc: 'no name' Subject: RE: Question about round robin X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Nov 2009 16:47:54 -0000 > > Take a look at relayd and slbd. > > I was about to say ... http://www.freshports.org/net/relayd/ Thank you all for the suggestions so far. Ideally I'd like something that can work with PF, such as relayd. Since this is only www load balancing, I think that may be the best solution, although I am evaluating HAProxy as well. Thanks again , Kevin From owner-freebsd-pf@FreeBSD.ORG Fri Nov 6 16:54:50 2009 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 231BE1065670 for ; Fri, 6 Nov 2009 16:54:50 +0000 (UTC) (envelope-from k@kevinkevin.com) Received: from mail-gx0-f218.google.com (mail-gx0-f218.google.com [209.85.217.218]) by mx1.freebsd.org (Postfix) with ESMTP id DA33F8FC16 for ; Fri, 6 Nov 2009 16:54:49 +0000 (UTC) Received: by gxk10 with SMTP id 10so1131594gxk.3 for ; Fri, 06 Nov 2009 08:54:49 -0800 (PST) Received: by 10.100.56.40 with SMTP id e40mr4574603ana.135.1257526482985; Fri, 06 Nov 2009 08:54:42 -0800 (PST) Received: from kevin (not.enough.unixsluts.com [76.10.166.187]) by mx.google.com with ESMTPS id 9sm76759ywe.26.2009.11.06.08.54.41 (version=TLSv1/SSLv3 cipher=RC4-MD5); Fri, 06 Nov 2009 08:54:42 -0800 (PST) From: "Kevin" To: "'Miroslav Lachman'" <000.fbsd@quip.cz> References: <00a201ca5ef6$7a4f3ee0$6eedbca0$@com> <4AF453B4.8050909@quip.cz> In-Reply-To: <4AF453B4.8050909@quip.cz> Date: Fri, 6 Nov 2009 11:54:16 -0500 Message-ID: <00ab01ca5f01$c7afe580$570fb080$@com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook 12.0 thread-index: AcpfAS5O9yND0E9hSyexU03Q3MG4nwAAGotA Content-Language: en-us Cc: freebsd-pf@freebsd.org Subject: RE: Question about round robin X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Nov 2009 16:54:50 -0000 > Tables are easily maintained by external applications / scripts - you > can update theme without reloading of the rules. So you can write some > little daemon pinging all your hosts and drop IP of unresponsive host > from the table. > Or you can write some complex system to monitor hosts resources (CPU > load, free memory, disk IO, etc.) and maintain content of the table by > this criteria so you can get balancing based on real server load. > > Miroslav Lachman Since what I'm trying to do (balance simple www traffic) isn't that complicated, I was hoping for some of this functionality to be inherent in PF. Wishful thinking I guess :) I wanted to avoid writing scripts, however, perhaps existing heartbeat / status checking solutions can be integrated in this way. Thank you From owner-freebsd-pf@FreeBSD.ORG Fri Nov 6 17:07:46 2009 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AAF891065676 for ; Fri, 6 Nov 2009 17:07:46 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4]) by mx1.freebsd.org (Postfix) with ESMTP id 673EC8FC12 for ; Fri, 6 Nov 2009 17:07:46 +0000 (UTC) Received: from localhost (localhost.codelab.cz [127.0.0.1]) by elsa.codelab.cz (Postfix) with ESMTP id 32D1E19E019; Fri, 6 Nov 2009 17:49:59 +0100 (CET) Received: from [192.168.1.2] (r5bb235.net.upc.cz [86.49.61.235]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by elsa.codelab.cz (Postfix) with ESMTPSA id AC35019E023; Fri, 6 Nov 2009 17:49:56 +0100 (CET) Message-ID: <4AF453B4.8050909@quip.cz> Date: Fri, 06 Nov 2009 17:49:56 +0100 From: Miroslav Lachman <000.fbsd@quip.cz> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9.1.4) Gecko/20091017 SeaMonkey/2.0 MIME-Version: 1.0 To: Kevin References: <00a201ca5ef6$7a4f3ee0$6eedbca0$@com> In-Reply-To: <00a201ca5ef6$7a4f3ee0$6eedbca0$@com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-pf@freebsd.org Subject: Re: Question about round robin X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Nov 2009 17:07:46 -0000 Kevin wrote: > I am curious about simple round robin load balancing w/ PF. I see how simple > it is to setup within the FreeBSD configuration file, but have a fairly > simple question. > > Does PF detect if one of the addresses in the "pool" is not responsive? Or > does it just blindly send traffic to all the addresses in the pool > regardless? Is there some sort of heartbeat functionality or status check > perhaps? Has anyone accomplished something along these lines? Load balancing > would be pretty useless if I couldn't take a server out of the pool without > having to re-configure PF every time. "The round-robin method will accept multiple individual addresses using a list or table." Tables are easily maintained by external applications / scripts - you can update theme without reloading of the rules. So you can write some little daemon pinging all your hosts and drop IP of unresponsive host from the table. Or you can write some complex system to monitor hosts resources (CPU load, free memory, disk IO, etc.) and maintain content of the table by this criteria so you can get balancing based on real server load. Miroslav Lachman