From owner-freebsd-pf@FreeBSD.ORG Wed Jul 9 07:15:12 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2C1DF1065670 for ; Wed, 9 Jul 2008 07:15:12 +0000 (UTC) (envelope-from m.pagulayan@auckland.ac.nz) Received: from mailhost.auckland.ac.nz (moe.its.auckland.ac.nz [130.216.12.35]) by mx1.freebsd.org (Postfix) with ESMTP id BBDE48FC2B for ; Wed, 9 Jul 2008 07:15:11 +0000 (UTC) (envelope-from m.pagulayan@auckland.ac.nz) Received: from localhost (localhost.localdomain [127.0.0.1]) by mailhost.auckland.ac.nz (Postfix) with ESMTP id 2FCC14803F6 for ; Wed, 9 Jul 2008 19:15:09 +1200 (NZST) X-Virus-Scanned: by amavisd-new at mailhost.auckland.ac.nz Received: from mailhost.auckland.ac.nz ([127.0.0.1]) by localhost (moe.its.auckland.ac.nz [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h5PYEmpC3n9H for ; Wed, 9 Jul 2008 19:15:09 +1200 (NZST) Received: from UXCHANGE2.UoA.auckland.ac.nz (uxcn2.itss.auckland.ac.nz [130.216.190.119]) by mailhost.auckland.ac.nz (Postfix) with ESMTP id 075984803A1 for ; Wed, 9 Jul 2008 19:15:08 +1200 (NZST) Received: from uxchange7-fe1.UoA.auckland.ac.nz ([130.216.190.107]) by UXCHANGE2.UoA.auckland.ac.nz with Microsoft SMTPSVC(6.0.3790.1830); Wed, 9 Jul 2008 19:14:03 +1200 Received: from UXCHANGE7-2.UoA.auckland.ac.nz ([130.216.190.91]) by uxchange7-fe1.UoA.auckland.ac.nz ([130.216.190.107]) with mapi; Wed, 9 Jul 2008 19:14:03 +1200 From: Mark Pagulayan To: "freebsd-pf@freebsd.org" Date: Wed, 9 Jul 2008 19:14:02 +1200 Thread-Topic: Suggestions on how to do Layer 2 load balacing with PF Thread-Index: Acjhk11AALqc1N5kTpCefuMGWJNN/g== Message-ID: <6E7521247AB3F04685C35F382AADE1B123932C7967@UXCHANGE7-2.UoA.auckland.ac.nz> Accept-Language: en-US, en-NZ Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US, en-NZ MIME-Version: 1.0 X-OriginalArrivalTime: 09 Jul 2008 07:14:03.0572 (UTC) FILETIME=[5E20F740:01C8E193] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Suggestions on how to do Layer 2 load balacing with PF X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Jul 2008 07:15:12 -0000 Hi Guys, I was just wondering if anyone of you have done layer 2 load balancing with= PF. We tried to load balance traffic between two bridge firewall through OSPF, = by putting equal weights on the router ports. But the problem we encountere= d is that when packet exits FW1 ( a state is created) it returns to FW2, th= e packet gets drop because the state created on FW1 has not yet synced on F= W2. We did this experiment because the firewall starts to drop packets when pac= ket rates reach 30Kp/s hoping that we load balance it, we can distribute tr= affic to the firewalls. And just for information where a using a Gig interf= ace (em) I wanted to ask if anyone of you have done load balancing on layer2 and ho= w they have done it. Your help guys would be mostly appreciated. Best Regards, Mark