From owner-freebsd-pf@FreeBSD.ORG Fri Apr 25 15:06:25 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 75F531065688 for ; Fri, 25 Apr 2008 15:06:25 +0000 (UTC) (envelope-from mohacsi@niif.hu) Received: from mail.ki.iif.hu (mail.ki.iif.hu [IPv6:2001:738:0:411::241]) by mx1.freebsd.org (Postfix) with ESMTP id C704A8FC1C for ; Fri, 25 Apr 2008 15:06:24 +0000 (UTC) (envelope-from mohacsi@niif.hu) Received: from localhost (localhost [IPv6:::1]) by mail.ki.iif.hu (Postfix) with ESMTP id 89001848F6; Fri, 25 Apr 2008 17:06:23 +0200 (CEST) X-Virus-Scanned: by amavisd-new at mignon.ki.iif.hu Received: from mail.ki.iif.hu ([127.0.0.1]) by localhost (mignon.ki.iif.hu [127.0.0.1]) (amavisd-new, port 10024) with LMTP id ci0LNpqd5kS4; Fri, 25 Apr 2008 17:06:21 +0200 (CEST) Received: by mail.ki.iif.hu (Postfix, from userid 9002) id 1780E84836; Fri, 25 Apr 2008 17:06:21 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by mail.ki.iif.hu (Postfix) with ESMTP id 164A6844B5; Fri, 25 Apr 2008 17:06:21 +0200 (CEST) Date: Fri, 25 Apr 2008 17:06:21 +0200 (CEST) From: Mohacsi Janos X-X-Sender: mohacsi@mignon.ki.iif.hu To: CZUCZY Gergely In-Reply-To: <20080425092706.2a977670@twoflower.in.publishing.hu> Message-ID: <20080425170324.H16673@mignon.ki.iif.hu> References: <402f78990804242338v5c2d6e95yaf73382878f8c26@mail.gmail.com> <20080425092706.2a977670@twoflower.in.publishing.hu> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-pf@freebsd.org Subject: Re: pf (+ relayd?) as lvs replacement X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Apr 2008 15:06:25 -0000 On Fri, 25 Apr 2008, CZUCZY Gergely wrote: > Hello, > > A somewhat similar can be achived using relayd, but this kind of load > balancing shouldn't be done on L2/L3 level. This kind of load balancing > should be done on Layer7 with some application level load balancers. > That way you can also do more then this (like sanitizing the requests > before they get to the actual servers). > > Some projects exists out there to do this, like pound[1], or also nginx has > some features for this propose, and even apache2.2 is being extended into this > direction. Most of these projects don't have IPv6 support, whil pf has IPv6 support builtin. We are using pf for load balancing HTTP for more than a years now, successfully. Best Regards, Janos Mohacsi Network Engineer, Research Associate, Head of Network Planning and Projects NIIF/HUNGARNET, HUNGARY Key 70EF9882: DEC2 C685 1ED4 C95A 145F 4300 6F64 7B00 70EF 9882