From owner-freebsd-stable@freebsd.org Mon Jan 14 18:44:29 2019 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CA4F41483AEF for ; Mon, 14 Jan 2019 18:44:29 +0000 (UTC) (envelope-from dch@skunkwerks.at) Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id BFBEC7035B for ; Mon, 14 Jan 2019 18:44:27 +0000 (UTC) (envelope-from dch@skunkwerks.at) Received: from betaweb1.internal (betaweb1.nyi.internal [10.202.2.10]) by mailout.nyi.internal (Postfix) with ESMTP id 0899A21964 for ; Mon, 14 Jan 2019 13:44:21 -0500 (EST) Received: from betaweb1 ([::ffff:10.202.2.10]) by betaweb1.internal (MEProxy); Mon, 14 Jan 2019 13:44:21 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=skunkwerks.at; h=message-id:from:to:mime-version:content-transfer-encoding :content-type:references:subject:date:in-reply-to; s=fm1; bh=jwb DqL9FoqJ6qEXxGvAydaX0Gk+SWi2By3GfpQxQXsc=; b=ykeeIc6ebNTLWfM3jf4 GwxnIh8bwuZmdBonpwsDodafdZPYOzQ08L4XPYv7tZGHzz8LLQ17PKXQouCNg8uq isg1dauFVwhIHMZvqWQeasEYay065zQNDuvsn7HoMi3wVzAREQiTmM9d+Otz+hGH A4p5JSYsPrddFeU3gmoVEEuA6/KOTX1nB9H36e3Y98IKojZtbWkOrvL8T97cFARm 3yi6FFoZ2R9hU44bPmRvttdsfhYKKOVY1W7QWDW8SXy1NZpffOgH3332kX6MXmt9 mNzGtbOwKAkl8gzFKxt/v5wL3c+5oEhhVJzH9dCmlYsosj0Y2lxTzljoQPAndbuc dEg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm1; bh=jwbDqL9FoqJ6qEXxGvAydaX0Gk+SWi2By3GfpQxQX sc=; b=Q9/P5SaBPItg3G1Nl83o0VeBplZ/DTHTJGIeGhMXjJpotSsWev5j1LRH2 P3Hb7nKNaYTP6ffGQI9EXU7GwmZVvP7KXEp80LvjttmY93/0qUMsFHqGsjsDx+fd t7LPQmTQe4qkmkONmRsl5/nO3lZa8AmbPvo5iMRBzTS1GWC64D7NPXqSKFGRqnB0 Gl5YahhbltA1gGd+IJXTInqUZ7bbHtkFglp60VXXDF63DPWe8RC8VNqHNkOdlgfc OUHvLcfdrvzMJyhZOIvkeIyklGTlslYiEwm3G/jCpGP94kadldYtj0gyf/CgRjau GQVwpZSlbqUQecHSKqS5aDMfFRbqQ== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedtledrgedugdduudefucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlnecuuegrihhlohhuthemuceftddtnecu necujfgurhepkffhvfgggfgtofhfufffjgesrgejreerredtjeenucfhrhhomhepffgrvh gvucevohhtthhlvghhuhgsvghruceouggthhesshhkuhhnkhifvghrkhhsrdgrtheqnecu rfgrrhgrmhepmhgrihhlfhhrohhmpegutghhsehskhhunhhkfigvrhhkshdrrghtnecuve hluhhsthgvrhfuihiivgeptd X-ME-Proxy: Received: by mailuser.nyi.internal (Postfix, from userid 99) id 19B93E2670; Mon, 14 Jan 2019 13:44:20 -0500 (EST) Message-Id: <1547491459.1113392.1634330440.3BE6B9CF@webmail.messagingengine.com> From: Dave Cottlehuber To: freebsd-stable@freebsd.org MIME-Version: 1.0 X-Mailer: MessagingEngine.com Webmail Interface - ajax-f0444315 References: Subject: Re: Any suggestions for a layer 3 load ablancer for 12, as relayd doesnt work anymore Date: Mon, 14 Jan 2019 19:44:19 +0100 In-Reply-To: X-Rspamd-Queue-Id: BFBEC7035B X-Spamd-Bar: ------- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=skunkwerks.at header.s=fm1 header.b=ykeeIc6e; dkim=pass header.d=messagingengine.com header.s=fm1 header.b=Q9/P5SaB; spf=pass (mx1.freebsd.org: domain of dch@skunkwerks.at designates 66.111.4.27 as permitted sender) smtp.mailfrom=dch@skunkwerks.at X-Spamd-Result: default: False [-7.21 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[skunkwerks.at:s=fm1,messagingengine.com:s=fm1]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:66.111.4.27]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-stable@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCVD_COUNT_THREE(0.00)[4]; DMARC_NA(0.00)[skunkwerks.at]; DKIM_TRACE(0.00)[skunkwerks.at:+,messagingengine.com:+]; MX_GOOD(-0.01)[in2-smtp.messagingengine.com,in1-smtp.messagingengine.com,in2-smtp.messagingengine.com,in1-smtp.messagingengine.com]; NEURAL_HAM_SHORT(-0.95)[-0.952,0]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:11403, ipnet:66.111.4.0/24, country:US]; IP_SCORE(-3.65)[ip: (-9.82), ipnet: 66.111.4.0/24(-4.62), asn: 11403(-3.71), country: US(-0.08)]; RCVD_IN_DNSWL_LOW(-0.10)[27.4.111.66.list.dnswl.org : 127.0.5.1] Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Jan 2019 18:44:30 -0000 On Mon, 14 Jan 2019, at 17:15, Pete French wrote: > So, until the middle of this afternoon I was, doing my load > balancing using> relayd from ports and PF. My own fault for not checking, but I > upgraded> one of the firewall pair to 12 and then discovered that the > relayd port is> no > Am now puzzling over solutions to this - I dont really want to stay on> 11 forevere. Moving to OpenBSD to get their PF and relayd is a bit of> an uncomfortable idea as we gain a lot from having one OS > everywhere that> people know, so does anyone have any suggestions ? > > PF round robin is not good enough for this as I have some dynamic > problems> which indicate when a node is up or down. Relayd will check > these, but the> basic PF wil not as far as I know. > > What do other people do ? haproxy does proper failover and allows custom health checks either via URL or real world traffic of external scripts. Traefik has lots of container oriented features. Dave