Date:      Thu, 16 Sep 2004 04:12:46 -0000
From:      sam <samwun@hgdbroadband.com>
To:        pf4freebsd@freelists.org
Subject:   [pf4freebsd] Re: why multiple CARP groups for VoIP servers
Message-ID:  <41238351.406@hgdbroadband.com>
In-Reply-To: <200408172154.06428.max@love2party.net>
References:  <200408052130.51026.max@love2party.net> <4121C8A1.40304@hgdbroadband.com> <200408172022.21707.max@love2party.net> <200408172154.06428.max@love2party.net>

Max Laier wrote:

>On Tuesday 17 August 2004 20:22, Max Laier wrote:
>
>>On Tuesday 17 August 2004 10:58, sam wrote:
>>
>>>Hi,
>>>
>>>I need to get advised by someone for the usage of CARP+pfsync.
>>>With the BIG example as described in the following page:
>>>http://www.countersiege.com/doc/pfsync-carp/#big
>>>I don't understand why creating a different CARP group for each
>>>application server instead of using only one CARP interface for 4
>>>internal application servers is better.
>>>
>>>With only one CARP address for 4 application servers, traffic still can
>>>be redirected to another app server if one has died. Unless one CARP
>>>address is not efficient.
>>>
>>>Can anyone please explain the difference using multiple CARP groups
>>>instead of one CARP address?
>>>
>>The example uses a "rdr source-hash" rule to load balance over the four
>>virtual addresses. You cannot use the CARP version of source-hash as the
>>clients are behind the firewalls and will not balance as a result.
>
>Sorry, meant to say: "You cannot use the CARP arpbalance ..." with the same
>effect and (now much clearer (I hope)) reasoning. The servers will see only
>the firewall arps and not those of the clients. While they will indeed see
>the IP-Addresses, CARP loadbalances on the arp-level. This is used to
>loadbalance between the two firewalls, btw.
>

So I think the only interfaces that can have CARP arpbalance are the ones
facing the Internet. Can "rdr source-hash" be used for load balancing
and HA for VoIP gateways?
There are 2 MVTS VoIP gateway servers in my office, I would like to
set up two BSD firewalls with PF+CARP+PFsync configured for load
balancing and redundancy for the VoIP gateways.

thanks
sam

>>If one server dies one of the remaining 3 takes over and has to take twice
>>the load until the failed server comes back (or the admin modifies the rdr
>>rule).
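
The balancing behaviour discussed in this thread, as an added example that is not part of the original e-mails or of pf/CARP itself: a small simulation contrasting a client-IP hash on the firewall with an ARP-level hash on the server segment, plus the takeover load when one server dies. All addresses are constructed, SHA-256 is a stand-in for the real hash functions, and "the next server takes over" is an assumed failover order.

```python
import hashlib
from collections import Counter

# Constructed sample topology (assumed, not taken from the thread).
VIPS = ["10.0.0.11", "10.0.0.12", "10.0.0.13", "10.0.0.14"]  # one CARP group each
FIREWALLS = ["10.0.0.1", "10.0.0.2"]  # the only hosts that ARP on the server segment
CLIENTS = [f"198.51.100.{i}" for i in range(1, 255)]  # constructed client addresses

def bucket(key: str, n: int) -> int:
    """Stand-in hash (SHA-256); pf and CARP use their own hash functions."""
    return int.from_bytes(hashlib.sha256(key.encode()).digest()[:4], "big") % n

def rdr_source_hash(clients, vips):
    """Firewall-side balancing: hash the client's IP to choose a virtual address."""
    return Counter(vips[bucket(c, len(vips))] for c in clients)

def arp_level_balance(clients, firewalls, n_servers):
    """ARP-level balancing behind the firewalls: the only key available is the
    address of the firewall that sent the ARP request, never the client's."""
    load = Counter()
    for c in clients:
        fw = firewalls[bucket(c, len(firewalls))]  # firewall forwarding this client
        load[bucket(fw, n_servers)] += 1           # server chosen from firewall address
    return load

def owners_after_failure(vips, dead_index):
    """Server i is master for VIP i; on failure the next server (assumed backup)
    takes over that CARP group and keeps its own as well."""
    owner = {vip: i for i, vip in enumerate(vips)}
    owner[vips[dead_index]] = (dead_index + 1) % len(vips)
    return owner

def server_load(vip_load, owner):
    """Sum per-VIP connection counts onto the server currently holding each VIP."""
    load = Counter()
    for vip, n in vip_load.items():
        load[owner[vip]] += n
    return load

if __name__ == "__main__":
    per_vip = rdr_source_hash(CLIENTS, VIPS)
    print("source-hash per VIP:  ", dict(per_vip))
    print("ARP-level per server: ", dict(arp_level_balance(CLIENTS, FIREWALLS, 4)))
    print("after server 0 dies:  ", dict(server_load(per_vip, owners_after_failure(VIPS, 0))))
```
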




