From: sam
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: why multiple CARP groups for VoIP servers
Date: Thu, 16 Sep 2004 04:12:46 -0000
X-Original-Date: Thu, 19 Aug 2004 00:26:57 +0800
Message-ID: <41238351.406@hgdbroadband.com>
In-Reply-To: <200408172154.06428.max@love2party.net>
List-Id: Technical discussion and general questions about packet filter (pf)

Max Laier wrote:

>On Tuesday 17 August 2004 20:22, Max Laier wrote:
>
>>On Tuesday 17 August 2004 10:58, sam wrote:
>>
>>>Hi,
>>>
>>>I need to get advised by someone for the usage of CARP+pfsync.
>>>With the BIG example as described in the following page:
>>>http://www.countersiege.com/doc/pfsync-carp/#big
>>>I don't understand why creating a different CARP group for each
>>>application server instead of using only one CARP interface for 4
>>>internal application servers is better.
>>>
>>>With only one CARP address for 4 application servers, traffic still can
>>>be redirected to another app server if one has died. Unless one CARP
>>>address is not efficient.
>>>
>>>Can anyone please explain the difference using multiple CARP groups
>>>instead of one CARP address?
>>>
>>The example uses a "rdr source-hash" rule to load balance over the four
>>virtual addresses. You cannot use the CARP version of source-hash as the
>>clients are behind the firewalls and will not balance as a result.
>>
>
>Sorry, meant to say: "You cannot use the CARP arpbalance ..." with the same
>effect and (now much clearer (I hope)) reasoning. The servers will see only
>the firewall arps and not those of the clients. While they will indeed see
>the IP-Addresses, but CARP loadbalances on the arp-level. This is used to
>loadbalance between the two firewalls, btw.
>

So I think the only interfaces that can have CARP arpbalance are the ones
facing the Internet.
Can "rdr source-hash" be used for load balancing and HA for VoIP gateways?
There are 2 MVTS VoIP gateway servers in my office; I would like to set up
two BSD firewalls with PF+CARP+PFsync configured for load balancing and
redundancy for the VoIP gateways.

thanks
sam

>>If one server dies one of the remaining 3 takes over and has to take twice
>>the load until the failed server comes back (or the admin modifies the rdr
>>rule).
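
Added example (not part of the original thread): a simplified Python model of the two points quoted above, that balancing keyed on the ARP requester collapses when the servers only see the firewalls, and that with one CARP group per server a failed server's address moves to one backup, which then carries about twice its load. All addresses, server names and the hash are constructed stand-ins, not pf's or CARP's real algorithm.

```python
import hashlib
import ipaddress
from collections import Counter

# All addresses and server names below are constructed for illustration.
VIPS = ["10.0.0.11", "10.0.0.12", "10.0.0.13", "10.0.0.14"]  # one CARP group per server
FIREWALLS = ["10.0.0.1", "10.0.0.2"]                          # inside addresses of the firewalls
SERVERS = ["s1", "s2", "s3", "s4"]
HEALTHY = dict(zip(VIPS, SERVERS))                # each server is master for its own VIP
S3_DOWN = dict(HEALTHY, **{"10.0.0.13": "s1"})    # assumption: s1 is backup for s3's group


def pick(key, pool):
    """Stand-in hash (not pf's or CARP's real one): map a key onto a pool member."""
    digest = hashlib.sha256(key.encode()).digest()
    return pool[int.from_bytes(digest[:4], "big") % len(pool)]


def clients(n):
    """n constructed client addresses, the sources the firewall sees."""
    base = int(ipaddress.ip_address("100.64.0.0"))
    return [str(ipaddress.ip_address(base + i)) for i in range(n)]


def rdr_source_hash_load(client_ips, owner):
    """Firewall hashes each client source onto one VIP; that VIP's master serves it."""
    load = Counter({s: 0 for s in SERVERS})
    for ip in client_ips:
        load[owner[pick(ip, VIPS)]] += 1
    return load


def arpbalance_load(client_ips):
    """One shared address on the servers, balanced on who sent the ARP request."""
    load = Counter({s: 0 for s in SERVERS})
    for ip in client_ips:
        fw = pick(ip, FIREWALLS)          # firewall that forwards this client
        load[pick(fw, SERVERS)] += 1      # servers only ever see the firewall's ARP
    return load


if __name__ == "__main__":
    c = clients(4000)
    print("rdr source-hash, healthy:", dict(rdr_source_hash_load(c, HEALTHY)))
    print("rdr source-hash, s3 down:", dict(rdr_source_hash_load(c, S3_DOWN)))
    print("arpbalance on server side:", dict(arpbalance_load(c)))
```

With two firewalls as the only ARP requesters, at most two of the four servers ever receive traffic in the arpbalance case, however many clients there are.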