Date:      Wed, 8 Oct 2008 21:26:48 -0700
From:      Jeremy Chadwick <koitsu@FreeBSD.org>
To:        Mike Sweetser - Adhost <mikesw@adhost.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Unexpected PF Round Robin Behavior
Message-ID:  <20081009042648.GA94175@icarus.home.lan>
In-Reply-To: <17838240D9A5544AAA5FF95F8D52031604BE314F@ad-exh01.adhost.lan>
References:  <17838240D9A5544AAA5FF95F8D52031604BE314F@ad-exh01.adhost.lan>

On Wed, Oct 08, 2008 at 12:12:47PM -0700, Mike Sweetser - Adhost wrote:
> We're noticing some unexpected behavior regarding load balancing with
> our FreeBSD 6.2 server running PF.
> 
> We have a pool set up for a two-server cluster:
> 
> table <web_183_roundrobin> persist { \
>     192.168.1.183 \
>     192.168.2.183 \
> }
> web_183_ext="xxx.xxx.xxx.183"
> 
> And the following rdr rule to handle it:
> 
> rdr on ! $vlanX_if proto { udp tcp } from any to $web_183_ext port { 80
> 443 } -> <web_183_roundrobin> round-robin sticky-address
> 
> It's working - too well.  We're noticing that it's round-robining not
> only based on the IP address, but the port as well - connections from
> the same machine to ports 80 and 443 are hitting different servers:
> 
> self tcp 192.168.1.183:80 <- xxx.xxx.xxx.183:80 <- yyy.yyy.yyy.80:53601
> FIN_WAIT_2:FIN_WAIT_2
> self tcp 192.168.1.183:80 <- xxx.xxx.xxx.183:80 <- yyy.yyy.yyy.80:53602
> FIN_WAIT_2:FIN_WAIT_2
> self tcp 192.168.1.183:80 <- xxx.xxx.xxx.183:80 <- yyy.yyy.yyy.80:53603
> ESTABLISHED:ESTABLISHED
> self tcp 192.168.2.183:443 <- xxx.xxx.xxx.183:443 <-
> yyy.yyy.yyy.80:53604       FIN_WAIT_2:FIN_WAIT_2
> self tcp 192.168.2.183:443 <- xxx.xxx.xxx.183:443 <-
> yyy.yyy.yyy.80:53605       ESTABLISHED:ESTABLISHED
> 
> Is there any way to set this so that a given client IP will hit the same
> server in the pool, regardless of port?  

Try the freebsd-pf list.

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |
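
A check for the symptom described in the quoted message, added here as an example and not part of the original thread: it reads state lines in the layout quoted above (as printed by `pfctl -s states`) and reports clients whose redirected connections land on more than one pool member. The external addresses are constructed (documentation ranges standing in for the masked ones), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the layout quoted in the message; the masked
# addresses are replaced with documentation ranges (assumption).
SAMPLE_STATES = """\
self tcp 192.168.1.183:80 <- 203.0.113.183:80 <- 198.51.100.80:53601       FIN_WAIT_2:FIN_WAIT_2
self tcp 192.168.1.183:80 <- 203.0.113.183:80 <- 198.51.100.80:53603       ESTABLISHED:ESTABLISHED
self tcp 192.168.2.183:443 <- 203.0.113.183:443 <- 198.51.100.80:53604       FIN_WAIT_2:FIN_WAIT_2
self tcp 192.168.2.183:80 <- 203.0.113.183:80 <- 198.51.100.81:40000       ESTABLISHED:ESTABLISHED
self tcp 192.168.2.183:443 <- 203.0.113.183:443 <- 198.51.100.81:40001       ESTABLISHED:ESTABLISHED
self udp 192.168.1.1:53 -> 192.0.2.53:53       MULTIPLE:SINGLE
"""

# iface proto backend:port <- redirected-address:port <- client:port state
STATE_RE = re.compile(
    r"^\S+\s+\S+\s+"
    r"(?P<backend>[\d.]+):\d+\s+<-\s+"
    r"(?P<vip>[\d.]+):(?P<vport>\d+)\s+<-\s+"
    r"(?P<client>[\d.]+):\d+\s+\S+$"
)

def backends_by_client(text, vip):
    """Map client IP -> {backend IP -> set of redirected ports} for states to vip."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in text.splitlines():
        m = STATE_RE.match(line.strip())
        if not m or m["vip"] != vip:
            continue  # not a redirected state for this address
        seen[m["client"]][m["backend"]].add(int(m["vport"]))
    return seen

def split_clients(text, vip):
    """Return only the clients whose states to vip reach more than one backend."""
    return {
        client: {b: sorted(ports) for b, ports in backends.items()}
        for client, backends in backends_by_client(text, vip).items()
        if len(backends) > 1
    }

if __name__ == "__main__":
    for client, backends in split_clients(SAMPLE_STATES, "203.0.113.183").items():
        for backend, ports in sorted(backends.items()):
            print(f"{client} -> {backend} ports {ports}")
```
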



