[pf4freebsd] Re: why multiple CARP groups

Max Laier max at love2party.net
Wed Sep 15 21:12:36 PDT 2004

On Tuesday 17 August 2004 10:58, sam wrote:
> Hi,
> I need to get adviced by someone  for the usage of CARP+pfsync.
> With the BIG example as described in the following page:
> http://www.countersiege.com/doc/pfsync-carp/#big
> I don't understand why create a different CARP group for each
> application server instead of using only one CARP interface for 4
> internal application servers is better.
> With only one CARP address for 4 application servers, traffic still can
> be redirected to another app server if one is died. Unless one CARP
> address is not efficient.
> Can anyone please explain the difference using multiple CARP groups
> instead of one CARP address?

The example uses a "rdr source-hash" rule to load balance over the four 
virtual addresses. You cannot use the CARP version of source-hash as the 
clients are behind the firewalls and will not balance as a result.

If one server dies one of the remaining 3 takes over and has to take twice the 
load until the failed server comes back (or the admin modifies the rdr rule).

/"\  Best regards,			| mlaier at freebsd.org
\ /  Max Laier				| ICQ #67774661
 X   http://pf4freebsd.love2party.net/	| mlaier at EFnet
/ \  ASCII Ribbon Campaign		| Against HTML Mail and News
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: signature
Url : http://lists.freebsd.org/pipermail/freebsd-pf/attachments/20040916/6de379b8/attachment.bin

More information about the freebsd-pf mailing list