Date: Wed, 09 Jul 2008 14:50:54 +0300 From: Stefan Lambrev <stefan.lambrev@moneybookers.com> To: =?UTF-8?B?SXN0dsOhbiBTenVrw6Fjcw==?= <leccine@gmail.com> Cc: freebsd-pf@freebsd.org Subject: Re: Suggestions on how to do Layer 2 load balacing with PF Message-ID: <4874A61E.1040508@moneybookers.com> In-Reply-To: <b8592ed80807090240k234e0a20je94d04684bfc7580@mail.gmail.com> References: <6E7521247AB3F04685C35F382AADE1B123932C7967@UXCHANGE7-2.UoA.auckland.ac.nz> <b8592ed80807090240k234e0a20je94d04684bfc7580@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, It's a very interesting question - at least for me. :) Istv=C3=A1n Szuk=C3=A1cs wrote: > hi! > > http://people.freebsd.org/~mlaier/sucon.pdf > > CARP > > Supports layer 2 load balancing (ARP based) > =20 But the OP claims that pfsync is not fast enough to sync all states? How = will balancing work then? Also I can't imagine the combination of bridge and carp (on same=20 firewall).. after all CARP needs IP and bridge is transparent? > cheers > > On Wed, Jul 9, 2008 at 8:14 AM, Mark Pagulayan <m.pagulayan@auckland.ac= =2Enz> > wrote: > > =20 >> Hi Guys, >> >> I was just wondering if anyone of you have done layer 2 load balancing= with >> PF. >> >> We tried to load balance traffic between two bridge firewall through O= SPF, >> by putting equal weights on the router ports. But the problem we encou= ntered >> is that when packet exits FW1 ( a state is created) it returns to FW2,= the >> packet gets drop because the state created on FW1 has not yet synced o= n FW2. >> =20 I guess you have two external uplinks - one for every firewall. Can you=20 draw simple schema of the network topology? >> We did this experiment because the firewall starts to drop packets whe= n >> packet rates reach 30Kp/s hoping that we load balance it, we can distr= ibute >> traffic to the firewalls. And just for information where a using a Gig= >> interface (em) >> =20 30kpps is very low. Bridge with stateful PF should handle at least=20 100-150kpps, probably your hardware is not up to the task? You may want to look at "Freebsd IP Forwarding performance (question,=20 and some info) [7-stable, current, em, smp]" thread in freebsd-net archiv= es for how to tune your router/firewall. >> I wanted to ask if anyone of you have done load balancing on layer2 a= nd >> how they have done it. >> >> Your help guys would be mostly appreciated. >> >> Best Regards, >> >> Mark >> _______________________________________________ >> freebsd-pf@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-pf >> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" >> >> =20 > > > > =20 --=20 Best Wishes, Stefan Lambrev ICQ# 24134177
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4874A61E.1040508>