From: Max Laier
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: why multiple CARP groups
Date: Thu, 16 Sep 2004 04:12:41 -0000
X-Original-Date: Tue, 17 Aug 2004 21:53:55 +0200
List-Id: Technical discussion and general questions about packet filter (pf)

On Tuesday 17 August 2004 20:22, Max Laier wrote:
> On Tuesday 17 August 2004 10:58, sam wrote:
> > Hi,
> >
> > I need to get advised by someone for the usage of CARP+pfsync.
> > With the BIG example as described in the following page:
> > http://www.countersiege.com/doc/pfsync-carp/#big
> > I don't understand why creating a different CARP group for each
> > application server instead of using only one CARP interface for 4
> > internal application servers is better.
> >
> > With only one CARP address for 4 application servers, traffic still can
> > be redirected to another app server if one has died. Unless one CARP
> > address is not efficient.
> >
> > Can anyone please explain the difference using multiple CARP groups
> > instead of one CARP address?
>
> The example uses a "rdr source-hash" rule to load balance over the four
> virtual addresses. You cannot use the CARP version of source-hash as the
> clients are behind the firewalls and will not balance as a result.

Sorry, meant to say: "You cannot use the CARP arpbalance ..." with the same
effect and (now much clearer (I hope)) reasoning. The servers will see only
the firewall ARPs and not those of the clients. They will indeed see
the IP addresses, but CARP load-balances at the ARP level. This is used to
load-balance between the two firewalls, btw.

> If one server dies one of the remaining 3 takes over and has to take twice
> the load until the failed server comes back (or the admin modifies the rdr
> rule).

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
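
The reasoning in the message above, as a small simulation. This is an added example, not part of the original message or of pf/CARP itself. The addresses, server names, the SHA-256 stand-in for pf's hash and the modulo model of ARP-level selection are all assumptions made for illustration.

```python
import hashlib
import ipaddress
from collections import Counter

# Constructed sample data; names and addresses are assumptions for illustration.
VIPS = ["10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.0.4"]  # one CARP group per server
SERVERS = ["app1", "app2", "app3", "app4"]
CLIENTS = [f"198.51.100.{i}" for i in range(1, 201)]     # clients beyond the firewalls
FIREWALLS = ["10.0.0.253", "10.0.0.254"]                 # firewall addresses on the server LAN


def source_hash_pick(client_ip, pool):
    """Model of 'rdr ... source-hash': the client's source IP selects the target.
    SHA-256 is a stand-in for pf's own hash function."""
    digest = hashlib.sha256(client_ip.encode()).digest()
    return pool[int.from_bytes(digest[:4], "big") % len(pool)]


def arp_balance_pick(arp_sender_ip, hosts):
    """Model of ARP-level balancing: the sender of the ARP request selects
    which host answers for the shared address (simplified to a modulo)."""
    return hosts[int(ipaddress.ip_address(arp_sender_ip)) % len(hosts)]


def spread_source_hash(clients, pool):
    return Counter(source_hash_pick(c, pool) for c in clients)


def spread_arp_balance(clients, firewalls, hosts):
    # Clients never ARP on the server LAN; the forwarding firewall does, so
    # the balancing decision only ever sees the firewalls' addresses.
    return Counter(arp_balance_pick(firewalls[i % len(firewalls)], hosts)
                   for i, _ in enumerate(clients))


def load_after_failure(vip_load, owner, dead, takeover):
    """Sum load per server once 'takeover' holds the dead server's virtual address."""
    per_server = Counter()
    for vip, load in vip_load.items():
        per_server[takeover if owner[vip] == dead else owner[vip]] += load
    return per_server


if __name__ == "__main__":
    print("source-hash over 4 VIPs:", dict(spread_source_hash(CLIENTS, VIPS)))
    print("ARP balance, 1 address: ", dict(spread_arp_balance(CLIENTS, FIREWALLS, SERVERS)))
    owner = dict(zip(VIPS, SERVERS))
    print("app4 down, app1 takes over:",
          dict(load_after_failure({v: 50 for v in VIPS}, owner, "app4", "app1")))
```

With 200 clients, source-hash reaches all four virtual addresses, while the ARP-level model never uses more servers than there are firewalls sending ARP requests.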