From: Adam PAPAI
Date: Thu, 03 Dec 2009 09:19:29 +0100
To: freebsd-pf@freebsd.org
Subject: PF + load balancing over 100Mbit traffic
Message-ID: <4B177491.30402@wooh.hu>

Dear List,

I have a feeling that PF can't do perfect round-robin load balancing over 100Mbit. When our PF server's (Dual Quad Core 3GHz with 8GB RAM) network traffic goes over 100Mbit, the 80 port's connect time increases to 3-5-10 sec instead of the stable 0.001-0.002 sec.

The web servers feel good, they don't have load, the redundant master-slave database servers feel good, they don't have high load. So everything seems fine, except the connect time. (Our checker script asks only a HEAD request from the web servers.)

The internal network has a Gbit connection, as does the internet side.

Do you have any advice? Is it time to get a Layer 7 switch and do load balancing with it? Or is it possible to do it in a PF way without a Content Switch?

2 web servers and 2 database servers are involved.

[web 1] ---|
[web 2] ---|
[db 1]  ---|---[pf/web 3/default gw]---internet
[db 2]  ---|

For a while the web server on the PF server is down to test, but it does the same connection time with a running Apache and without a running Apache.

Any idea? Our internet traffic average is 100Mbit-130Mbit and the connect time makes me so sad.

Thanks in advance,

-- 
Adam PAPAI
NETIDEA Informatikai Szolgaltato Kft.
http://www.netidea.hu
E-mail: wooh@wooh.hu