From: "Mike Sweetser - Adhost"
Delivered-To: freebsd-questions@freebsd.org
Date: Wed, 8 Oct 2008 12:12:47 -0700
Subject: Unexpected PF Round Robin Behavior
Message-ID: <17838240D9A5544AAA5FF95F8D52031604BE314F@ad-exh01.adhost.lan>

Hello:

We're noticing some unexpected behavior regarding load balancing with our FreeBSD 6.2 server running PF.
We have a pool set up for a two-server cluster:

    table persist { \
        192.168.1.183 \
        192.168.2.183 \
    }
    web_183_ext="xxx.xxx.xxx.183"

And the following rdr rule to handle it:

    rdr on ! $vlanX_if proto { udp tcp } from any to $web_183_ext port { 80 443 } -> round-robin sticky-address

It's working - too well. We're noticing that it's round-robining not only based on the IP address, but the port as well - connections from the same machine to ports 80 and 443 are hitting different servers:

    self tcp 192.168.1.183:80 <- xxx.xxx.xxx.183:80 <- yyy.yyy.yyy.80:53601 FIN_WAIT_2:FIN_WAIT_2
    self tcp 192.168.1.183:80 <- xxx.xxx.xxx.183:80 <- yyy.yyy.yyy.80:53602 FIN_WAIT_2:FIN_WAIT_2
    self tcp 192.168.1.183:80 <- xxx.xxx.xxx.183:80 <- yyy.yyy.yyy.80:53603 ESTABLISHED:ESTABLISHED
    self tcp 192.168.2.183:443 <- xxx.xxx.xxx.183:443 <- yyy.yyy.yyy.80:53604 FIN_WAIT_2:FIN_WAIT_2
    self tcp 192.168.2.183:443 <- xxx.xxx.xxx.183:443 <- yyy.yyy.yyy.80:53605 ESTABLISHED:ESTABLISHED

Is there any way to set this so that a given client IP will hit the same server in the pool, regardless of port?

Thank You,
Mike Sweetser

--------------------------
Mike Sweetser | Systems Administrator
Adhost Internet
140 Fourth Avenue North, Suite 360, Seattle, Washington 98109 USA
P 206.404.9000  T 888.234.6781 (ADHOST-1)  F 206.404.9050  W adhost.com

Our brand new Adhost West data center is open - contact us for a tour at 1-888-234-6781 (ADHOST-1)
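
A check for the symptom described in this message, as an added example that is not part of the original post: it reads state lines in the layout quoted above and lists each client IP whose redirected connections reach more than one pool member. The sample addresses are constructed (documentation ranges), the function names are hypothetical, and only IPv4 `addr:port` entries are handled.

```shell
#!/bin/sh
# Expected line layout (as quoted in the message):
#   IFACE PROTO BACKEND:PORT <- VIP:PORT <- CLIENT:PORT STATE

# Constructed sample states: one client split across both pool members,
# one client pinned to a single member on both ports.
sample_states() {
    cat <<'EOF'
self tcp 192.168.1.183:80 <- 198.51.100.183:80 <- 203.0.113.80:53601 FIN_WAIT_2:FIN_WAIT_2
self tcp 192.168.1.183:80 <- 198.51.100.183:80 <- 203.0.113.80:53603 ESTABLISHED:ESTABLISHED
self tcp 192.168.2.183:443 <- 198.51.100.183:443 <- 203.0.113.80:53604 FIN_WAIT_2:FIN_WAIT_2
self tcp 192.168.2.183:80 <- 198.51.100.183:80 <- 203.0.113.81:40001 ESTABLISHED:ESTABLISHED
self tcp 192.168.2.183:443 <- 198.51.100.183:443 <- 203.0.113.81:40002 ESTABLISHED:ESTABLISHED
EOF
}

# Print "CLIENT BACKEND1,BACKEND2,..." for every client IP that appears
# with more than one distinct backend address, ignoring ports.
split_clients() {
    awk '
    ($2 == "tcp" || $2 == "udp") && $4 == "<-" && $6 == "<-" {
        backend = $3; sub(/:[0-9]+$/, "", backend)   # strip backend port
        client  = $7; sub(/:[0-9]+$/, "", client)    # strip client source port
        key = client SUBSEP backend
        if (key in seen) next                        # pair already recorded
        seen[key] = 1
        if (count[client]++ > 0)
            backends[client] = backends[client] "," backend
        else
            backends[client] = backend
    }
    END {
        for (c in count)
            if (count[c] > 1)
                print c, backends[c]
    }' | sort
}

# Run against the constructed sample; prints only the split client.
sample_states | split_clients
```

On the firewall itself the same function can read the live state table, for example `pfctl -ss | split_clients`; empty output means every client seen is pinned to one pool member.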