Date: Wed, 09 Jul 2008 14:50:54 +0300 From: Stefan Lambrev <stefan.lambrev@moneybookers.com> To: =?UTF-8?B?SXN0dsOhbiBTenVrw6Fjcw==?= <leccine@gmail.com> Cc: freebsd-pf@freebsd.org Subject: Re: Suggestions on how to do Layer 2 load balacing with PF Message-ID: <4874A61E.1040508@moneybookers.com> In-Reply-To: <b8592ed80807090240k234e0a20je94d04684bfc7580@mail.gmail.com> References: <6E7521247AB3F04685C35F382AADE1B123932C7967@UXCHANGE7-2.UoA.auckland.ac.nz> <b8592ed80807090240k234e0a20je94d04684bfc7580@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, It's a very interesting question - at least for me. :) István Szukács wrote: > hi! > > http://people.freebsd.org/~mlaier/sucon.pdf > > CARP > > Supports layer 2 load balancing (ARP based) > But the OP claims that pfsync is not fast enough to sync all states? How will balancing work then? Also I can't imagine the combination of bridge and carp (on same firewall).. after all CARP needs IP and bridge is transparent? > cheers > > On Wed, Jul 9, 2008 at 8:14 AM, Mark Pagulayan <m.pagulayan@auckland.ac.nz> > wrote: > > >> Hi Guys, >> >> I was just wondering if anyone of you have done layer 2 load balancing with >> PF. >> >> We tried to load balance traffic between two bridge firewall through OSPF, >> by putting equal weights on the router ports. But the problem we encountered >> is that when packet exits FW1 ( a state is created) it returns to FW2, the >> packet gets drop because the state created on FW1 has not yet synced on FW2. >> I guess you have two external uplinks - one for every firewall. Can you draw simple schema of the network topology? >> We did this experiment because the firewall starts to drop packets when >> packet rates reach 30Kp/s hoping that we load balance it, we can distribute >> traffic to the firewalls. And just for information where a using a Gig >> interface (em) >> 30kpps is very low. Bridge with stateful PF should handle at least 100-150kpps, probably your hardware is not up to the task? You may want to look at "Freebsd IP Forwarding performance (question, and some info) [7-stable, current, em, smp]" thread in freebsd-net archives for how to tune your router/firewall. >> I wanted to ask if anyone of you have done load balancing on layer2 and >> how they have done it. >> >> Your help guys would be mostly appreciated. >> >> Best Regards, >> >> Mark >> _______________________________________________ >> freebsd-pf@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-pf >> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" >> >> > > > > -- Best Wishes, Stefan Lambrev ICQ# 24134177
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4874A61E.1040508>