From owner-freebsd-pf@FreeBSD.ORG  Wed Jul  9 10:43:05 2008
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 4A6EA1065675
	for <freebsd-pf@freebsd.org>; Wed,  9 Jul 2008 10:43:05 +0000 (UTC)
	(envelope-from jd@ods.org)
Received: from update.ods.org (update.ods.org [66.246.72.188])
	by mx1.freebsd.org (Postfix) with ESMTP id 251B88FC0A
	for <freebsd-pf@freebsd.org>; Wed,  9 Jul 2008 10:43:05 +0000 (UTC)
	(envelope-from jd@ods.org)
Received: from [192.168.5.50] (76-191-157-59.dsl.dynamic.sonic.net
	[76.191.157.59])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by update.ods.org (Postfix) with ESMTPSA id BFFA817E6C;
	Wed,  9 Jul 2008 06:26:37 -0400 (EDT)
Message-ID: <4874925D.4020306@ods.org>
Date: Wed, 09 Jul 2008 03:26:37 -0700
From: Jason DiCioccio <jd@ods.org>
User-Agent: Thunderbird 2.0.0.14 (Windows/20080421)
MIME-Version: 1.0
To: Mark Pagulayan <m.pagulayan@auckland.ac.nz>
References: <6E7521247AB3F04685C35F382AADE1B123932C7967@UXCHANGE7-2.UoA.auckland.ac.nz>
In-Reply-To: <6E7521247AB3F04685C35F382AADE1B123932C7967@UXCHANGE7-2.UoA.auckland.ac.nz>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: "freebsd-pf@freebsd.org" <freebsd-pf@freebsd.org>
Subject: Re: Suggestions on how to do Layer 2 load balacing with PF
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Jul 2008 10:43:05 -0000

Hey Mark,

Mark Pagulayan wrote:
> Hi Guys,
>
> I was just wondering if anyone of you have done layer 2 load balancing with PF.
>
> We tried to load balance traffic between two bridge firewall through OSPF, by putting equal weights on the router ports. But the problem we encountered is that when packet exits FW1 ( a state is created) it returns to FW2, the packet gets drop because the state created on FW1 has not yet synced on FW2.
>   

The first thing that comes to my mind is changing the behavior on the 
router.  Many routers allow you to choose how they forward in a 
situation with equal-cost paths.  See below for the Juniper version of this.

http://www.juniper.net/techpubs/software/junos/junos70/swconfig70-policy/html/policy-actions-config11.html

Regards,
-JD-