Date: Wed, 19 Jun 2002 08:05:00 -0600 (MDT)
From: Randy Smith
To: "freebsd-stable@freebsd.org"
Subject: IPFW as load balancer
Message-ID: <20020619075003.W6594-100000@stalker.amigo.net>

Hi all,

I want to try to use IPFW to do load balancing for a transparent proxy
cluster. My first idea was to do something like this:

    add prob .33 fwd ,3128 tcp from to any 80
    add prob .50 fwd ,3128 tcp from to any 80
    add fwd ,3128 tcp from to any 80

But this won't work because the packets for one session will end up at
different caches.

Can keep-state and check-state be used to keep the packets flowing to the
same cache? Is the prob option copied to dynamic rules?

From sys/netinet/ip_fw.c:

     * There are some limitations with dynamic rules -- we do not
     * obey the 'randomized match',

Glancing through ip_fw.c (specifically ip_fw_chk() and lookup_dyn_rule()),
it appears that the probability is not checked/used for dynamic rules.
(Which is probably what the comment above means.)

So, if I have these rules

    add prob .33 fwd ,3128 tcp from 192.168.0.0/24 to any 80 keep-state
    add prob .50 fwd ,3128 tcp from 192.168.0.0/24 to any 80 keep-state
    add fwd ,3128 tcp from 192.168.0.0/24 to any 80 keep-state

and ipfw gets a connection from e.g. 192.168.0.42 that hits the cacheA rule,
does that mean ipfw would create the dynamic rule below?

    fwd ,3128 tcp from 192.168.0.42 to any 80

If so, it seems to me that it would create a rule that would forward all of
the packets from the client (192.168.0.42) to cacheA.

Does this make sense or am I out in left field?

Thanks for the input.

-- 
Randy Smith
Amigo.Net Systems Administrator
1-719-589-6100 x 4185
http://www.amigo.net/
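
Added example, not part of the original message: a small Python model of the two rule sets in the post, showing the share each cache gets from the cascaded prob values and how often one connection is spread over several caches with and without state. The cache names, the destination address and the traffic are constructed, and the stateful branch assumes that a keep-state entry is keyed on the connection's addresses and ports and reuses the rule that created it without re-rolling prob.

```python
import random

# Constructed stand-ins for the three cache hosts (their addresses are elided in the post).
RULES = [(0.33, "cacheA"), (0.50, "cacheB"), (1.00, "cacheC")]

def match_static(rng):
    """Walk the rules in order; each one matches with its own probability."""
    for prob, cache in RULES:
        if rng.random() < prob:
            return cache
    raise AssertionError("unreachable: the last rule always matches")

def effective_shares():
    """Share per cache = rule prob times the chance of reaching that rule."""
    shares, reach = {}, 1.0
    for prob, cache in RULES:
        shares[cache] = reach * prob
        reach *= 1.0 - prob
    return shares

def forward(packets, rng, keep_state):
    """Return {flow: set of caches that received its packets}.

    Model assumption: with keep_state the first packet of a flow installs a
    dynamic entry keyed on (src, sport, dst, dport); later packets use it.
    """
    dyn, seen = {}, {}
    for flow in packets:
        if keep_state and flow in dyn:
            cache = dyn[flow]
        else:
            cache = match_static(rng)
            if keep_state:
                dyn[flow] = cache
        seen.setdefault(flow, set()).add(cache)
    return seen

def make_packets(n_flows=300, per_flow=20):
    """Constructed traffic: interleaved packets of n_flows client connections."""
    flows = [("192.168.0.%d" % (i % 200 + 1), 1024 + i, "203.0.113.10", 80)
             for i in range(n_flows)]
    return [f for _ in range(per_flow) for f in flows]

def split_flows(seen):
    """Number of connections whose packets reached more than one cache."""
    return sum(1 for caches in seen.values() if len(caches) > 1)

if __name__ == "__main__":
    print(effective_shares())
    for ks in (False, True):
        print(ks, split_flows(forward(make_packets(), random.Random(1), ks)))
```

In this model the dynamic entry is per connection, so a second connection from the same client can be assigned to a different cache.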