From owner-freebsd-questions@FreeBSD.ORG Sun Aug 27 17:38:09 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 68E1216A4E6 for ; Sun, 27 Aug 2006 17:38:09 +0000 (UTC) (envelope-from gorlani@gorlani.com) Received: from smtpa1.aruba.it (smtpa1.aruba.it [62.149.128.206]) by mx1.FreeBSD.org (Postfix) with SMTP id 1358F43D6D for ; Sun, 27 Aug 2006 17:38:05 +0000 (GMT) (envelope-from gorlani@gorlani.com) Received: (qmail 14988 invoked by uid 89); 27 Aug 2006 17:38:01 -0000 Received: by simscan 1.1.0 ppid: 14973, pid: 14985, t: 0.7515s scanners: clamav: 0.80/m:29/d:680 Received: from unknown (HELO thebeast) (gorlani@gorlani.com@62.10.51.22) by smtp1.aruba.it with SMTP; 27 Aug 2006 17:38:00 -0000 From: Sender: "Marcello Gorlani" To: Date: Sun, 27 Aug 2006 19:37:57 +0200 Message-ID: <000d01c6c9ff$89d0e510$4b0cfea9@thebeast> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook 11 Thread-Index: AcbJ/2vHNtK2YnG5Rgq6GbVmpBfOZw== X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Spam-Rating: smtp1.aruba.it 1.6.2 0/1000/N Subject: Understanding CARP X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 27 Aug 2006 17:38:09 -0000 Hi I'm new to FreeBSD but I'm loving it very much! I'm experimenting with CARP to create a redundant router/firewall. I created a functioning two machine routing cluster and it works very well while configured for failover. I'm going to test it with load balancing and I'm wondering about some problems that could arise. Suppose I enable load balancing features. Situation: my cluster (made by CL1 and CL2) routes from Net A to Net B. I have an A_client and a B_Server. A_Client initiates a connection to B_Server and the packet is routed by the CL1 machine. The response packet comes from the B network (it is from B_Server) and is taken by CL2 to be routed (asymmetric routing problem, as documented in the man page). If no packet filtering occurs, there is no problem. But what if I use IPFilter? Is there a way to keep the state between CL1 and CL2 with IPFilter? Also I would like to know in which way packets flow to all the members of the cluster in a switched environment, since they share the same mac address. Is CARP using a technique like Microsoft NLB to avoid switches from learning mac addresses? Does this lead, like using NLB, to flooding? Thanks