From owner-freebsd-questions@FreeBSD.ORG Thu Oct  9 04:26:51 2008
Date: Wed, 8 Oct 2008 21:26:48 -0700
From: Jeremy Chadwick
To: Mike Sweetser - Adhost
Cc: freebsd-questions@freebsd.org
Subject: Re: Unexpected PF Round Robin Behavior
Message-ID: <20081009042648.GA94175@icarus.home.lan>
In-Reply-To: <17838240D9A5544AAA5FF95F8D52031604BE314F@ad-exh01.adhost.lan>
User-Agent: Mutt/1.5.18 (2008-05-17)
List-Id: User questions <freebsd-questions@freebsd.org>

On Wed, Oct 08, 2008 at 12:12:47PM -0700, Mike Sweetser - Adhost wrote:
> We're noticing some unexpected behavior regarding load balancing with
> our FreeBSD 6.2 server running PF.
>
> We have a pool set up for a two-server cluster:
>
> table persist { \
>         192.168.1.183 \
>         192.168.2.183 \
> }
> web_183_ext="xxx.xxx.xxx.183"
>
> And the following rdr rule to handle it:
>
> rdr on ! $vlanX_if proto { udp tcp } from any to $web_183_ext port { 80 443 } -> round-robin sticky-address
>
> It's working - too well. We're noticing that it's round-robining not
> only based on the IP address, but the port as well - connections from
> the same machine to ports 80 and 443 are hitting different servers:
>
> self tcp 192.168.1.183:80 <- xxx.xxx.xxx.183:80 <- yyy.yyy.yyy.80:53601    FIN_WAIT_2:FIN_WAIT_2
> self tcp 192.168.1.183:80 <- xxx.xxx.xxx.183:80 <- yyy.yyy.yyy.80:53602    FIN_WAIT_2:FIN_WAIT_2
> self tcp 192.168.1.183:80 <- xxx.xxx.xxx.183:80 <- yyy.yyy.yyy.80:53603    ESTABLISHED:ESTABLISHED
> self tcp 192.168.2.183:443 <- xxx.xxx.xxx.183:443 <- yyy.yyy.yyy.80:53604  FIN_WAIT_2:FIN_WAIT_2
> self tcp 192.168.2.183:443 <- xxx.xxx.xxx.183:443 <- yyy.yyy.yyy.80:53605  ESTABLISHED:ESTABLISHED
>
> Is there any way to set this so that a given client IP will hit the same
> server in the pool, regardless of port?

Try the freebsd-pf list.

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |
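The behaviour Mike reports is what you get if two things hold, both of which pf.conf(5) documents: pfctl expands a list such as `port { 80 443 }` into one rdr rule per element, and with `sticky-address` the source-tracking entry (the src-node) and the round-robin cursor belong to the rule that created them, not to the ruleset. The following model is an added example written for this page; it is not code from the thread, from pf or from pfctl, and the helper names (`RdrRule`, `load_rdr`, `translate`, `simulate`) and the client addresses are made up for the illustration. It runs the same two clients through the expanded two-rule form and through a single rule that matches both ports, so the difference in stickiness is visible.

```python
"""Model of pf rdr round-robin with sticky-address (added example, not pf code).

Assumptions, taken from pf.conf(5):
  1. pfctl expands `port { 80 443 }` into two separate rdr rules.
  2. With sticky-address, the src-node (src IP -> backend) and the
     round-robin cursor are kept per rule, not shared across rules.
"""
from itertools import cycle


class RdrRule:
    """One expanded rdr rule with its own pool cursor and its own src-nodes."""

    def __init__(self, ports, pool):
        self.ports = set(ports)          # destination ports this rule matches
        self.pool = list(pool)           # table entries, in table order
        self._rr = cycle(self.pool)      # round-robin cursor, per rule (assumption 2)
        self.src_nodes = {}              # sticky-address map, per rule (assumption 2)

    def matches(self, dport):
        return dport in self.ports

    def redirect(self, src):
        """Return the backend for src, creating the sticky entry on first use."""
        if src not in self.src_nodes:
            self.src_nodes[src] = next(self._rr)
        return self.src_nodes[src]


def load_rdr(port_spec, pool):
    """Mimic pfctl: a tuple like (80, 443) is a list and expands to one rule
    per element (assumption 1); a range such as 80:443 stays one rule."""
    if isinstance(port_spec, range):
        return [RdrRule(port_spec, pool)]
    return [RdrRule([p], pool) for p in port_spec]


def translate(rules, src, dport):
    """First matching rdr rule wins; return the chosen backend or None."""
    for rule in rules:
        if rule.matches(dport):
            return rule.redirect(src)
    return None


def simulate(rules, flows):
    """Push (src, dport) flows through the ruleset; return one backend per flow."""
    return [translate(rules, src, dport) for src, dport in flows]


POOL = ["192.168.1.183", "192.168.2.183"]   # the two-server table from the thread

# Constructed traffic: two clients (documentation addresses), each opening an
# http connection and then an https connection, interleaved as real hosts would.
FLOWS = [("198.51.100.10", 80), ("198.51.100.20", 80),
         ("198.51.100.20", 443), ("198.51.100.10", 443)]


def per_port_list():
    """The thread's config: port { 80 443 } -> two rules, two src-node sets."""
    return simulate(load_rdr((80, 443), POOL), FLOWS)


def single_rule():
    """One rule covering both ports -> one src-node set, so a client sticks."""
    return simulate(load_rdr(range(80, 444), POOL), FLOWS)


if __name__ == "__main__":
    for label, result in (("port list {80 443}", per_port_list()),
                          ("single rule 80:443", single_rule())):
        print(label)
        for (src, dport), backend in zip(FLOWS, result):
            print(f"  {src}:{dport} -> {backend}")
```

With the port list, client 198.51.100.10 lands on 192.168.1.183 for port 80 and on 192.168.2.183 for port 443, exactly the pattern in the quoted `pfctl -ss` output; with a single rule the second connection is served from the same src-node and stays on 192.168.1.183. On a real box you can confirm which shape your ruleset took with `pfctl -sn` (the expanded rdr rules) and watch the per-rule src-node entries with `pfctl -sS`. Whether a port-range rdr, or an rdr with no port qualifier and the port restriction left to the `pass` rules, is acceptable depends on what the backends listen on; that is a design choice for the freebsd-pf discussion, not something this model decides.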