Date: Wed, 8 Oct 2008 12:12:47 -0700 From: "Mike Sweetser - Adhost" <mikesw@adhost.com> To: <freebsd-questions@freebsd.org> Subject: Unexpected PF Round Robin Behavior Message-ID: <17838240D9A5544AAA5FF95F8D52031604BE314F@ad-exh01.adhost.lan>
next in thread | raw e-mail | index | archive | help
Hello:
We're noticing some unexpected behavior regarding load balancing with
our FreeBSD 6.2 server running PF.
We have a pool set up for a two-server cluster:
table <web_183_roundrobin> persist { \
192.168.1.183 \
192.168.2.183 \
}
web_183_ext="xxx.xxx.xxx.183"
And the following rdr rule to handle it:
rdr on ! $vlanX_if proto { udp tcp } from any to $web_183_ext port { 80
443 } -> <web_183_roundrobin> round-robin sticky-address
It's working - too well. We're noticing that it's round-robining not
only based on the IP address, but the port as well - connections from
the same machine to ports 80 and 443 are hitting different servers:
self tcp 192.168.1.183:80 <- xxx.xxx.xxx.183:80 <- yyy.yyy.yyy.80:53601
FIN_WAIT_2:FIN_WAIT_2
self tcp 192.168.1.183:80 <- xxx.xxx.xxx.183:80 <- yyy.yyy.yyy.80:53602
FIN_WAIT_2:FIN_WAIT_2
self tcp 192.168.1.183:80 <- xxx.xxx.xxx.183:80 <- yyy.yyy.yyy.80:53603
ESTABLISHED:ESTABLISHED
self tcp 192.168.2.183:443 <- xxx.xxx.xxx.183:443 <-
yyy.yyy.yyy.80:53604 FIN_WAIT_2:FIN_WAIT_2
self tcp 192.168.2.183:443 <- xxx.xxx.xxx.183:443 <-
yyy.yyy.yyy.80:53605 ESTABLISHED:ESTABLISHED
Is there any way to set this so that a given client IP will hit the same
server in the pool, regardless of port?
Thank You,
Mike Sweetser
--------------------------
Mike Sweetser | Systems Administrator
Adhost Internet
140 Fourth Avenue North, Suite 360, Seattle, Washington 98109 USA
P 206.404.9000 T 888.234.6781 (ADHOST-1) F 206.404.9050
W adhost.com
Our brand new Adhost West data center is open - contact us for a tour at
1-888-234-6781 (ADHOST-1)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?17838240D9A5544AAA5FF95F8D52031604BE314F>