From: Kostas Zorbadelos
To: Max Laier
Cc: freebsd-pf@freebsd.org
Date: Mon, 3 Apr 2006 11:48:59 +0300
Subject: Re: Address pools and load balancing issues
Message-ID: <20060403084859.GE26450@enigma.otenet.gr>
In-Reply-To: <200604021749.48171.max@love2party.net>

On Sun, Apr 02, 2006 at 05:49:42PM +0200, Max Laier wrote:
> On Sunday 02 April 2006 10:25, Kostas Zorbadelos wrote:
> > Ideally, I
> > would like to express all my pools as tables and have all the
> > different algorithms for load balancing available.
>
> The problem is what does bitmask or source-hash mean for a table?
> What do you apply the bitmask to?

I can understand that bitmask requires the use of a continuous network
block.

> What do you hash to?

On the other hand, I see no reason not to hash, or choose randomly
to/from a discrete set of addresses.

> The other problem is the
> internal organization of tables that is optimized for lookups and doesn't
> work as a list or array which is required for hashing.

I will try my best to give a look at the actual code. I believe you
are telling me that the representation of tables is in a data
structure of some sort (a tree or something?) that makes it difficult
to hash or choose randomly. If this is the case, the situation could
be fixed (with a certain cost of course).

> A solution would be
> to have real address lists, but I doubt that will happen any time soon.
>

Do you mean have data structures internally that represent effectively
address lists?

> As for a workaround solution for you. sticky-address works also without
> states, provided you set a reasonable value for "set timeout source-track" as
> described in pf.conf(5).

Yes, I saw that, thanks very much for confirming, I believe this is
the way to go.

> Another option is to just make your webserver into
> a continuous netblock via rdr/binat rules. You should be able to map them
> into a private netblock and can then apply source-hash load-balancing to
> that. Of course there is overhead associated with that as well. It really
> depends on your use case which is the most workable solution.
>

Although this could provide a solution, I believe it is a non-elegant
hack. Thanks for the suggestion though.

> > Thanks in advance and congratulations to all the people involved in pf
> > for the great work.
> >
> --
> /"\  Best regards,                      | mlaier@freebsd.org
> \ /  Max Laier                          | ICQ #67774661
>  X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
> / \  ASCII Ribbon Campaign              | Against HTML Mail and News

Best regards,

Kostas

--
Kostas Zorbadelos
m@il contact: kzorba (at) otenet.gr

Out there in the darkness, out there in the night
out there in the starlight, one soul burns brighter
than a thousand suns.
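
The workaround confirmed in this message (a table-backed pool with sticky-address and a longer source-track timeout), written out as a pf.conf fragment. This is an added example, not part of the original mail. The interface, addresses, table name and timeout value are assumptions, and the timeout uses the src.track keyword from the timeout list in pf.conf(5).

```conf
# Added example; not from the original thread.
# Addresses are constructed (RFC 5737 / RFC 1918 ranges); the macro and
# table names are hypothetical.
ext_if  = "em0"
ext_www = "192.0.2.10"

# A discrete, non-contiguous set of web servers kept in a table.
table <webservers> const { 10.0.1.11, 10.0.1.37, 10.0.2.5 }

# Keep source-tracking entries for one hour after the last state that
# references them expires, so a returning client is mapped to the same
# server even when none of its connections are still open.
set timeout src.track 3600

# A table used as a redirection pool supports round-robin only;
# sticky-address pins each client source address to the server it was
# first given for as long as its source-tracking entry exists.
rdr on $ext_if proto tcp from any to $ext_www port 80 \
        -> <webservers> round-robin sticky-address

# Filtering sees the translated destination, so match on the table.
pass in on $ext_if proto tcp from any to <webservers> port 80 \
        flags S/SA keep state
```

Source-tracking entries can be inspected with `pfctl -s Sources` to confirm that clients stay pinned between connections.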