[pf4freebsd] Re: why multiple CARP groups
Max Laier
max at love2party.net
Wed Sep 15 21:12:36 PDT 2004
On Tuesday 17 August 2004 10:58, sam wrote:
> Hi,
>
> I need to get adviced by someone for the usage of CARP+pfsync.
> With the BIG example as described in the following page:
> http://www.countersiege.com/doc/pfsync-carp/#big
> I don't understand why create a different CARP group for each
> application server instead of using only one CARP interface for 4
> internal application servers is better.
>
> With only one CARP address for 4 application servers, traffic still can
> be redirected to another app server if one is died. Unless one CARP
> address is not efficient.
>
> Can anyone please explain the difference using multiple CARP groups
> instead of one CARP address?
The example uses a "rdr source-hash" rule to load balance over the four
virtual addresses. You cannot use the CARP version of source-hash as the
clients are behind the firewalls and will not balance as a result.
If one server dies one of the remaining 3 takes over and has to take twice the
load until the failed server comes back (or the admin modifies the rdr rule).
--
/"\ Best regards, | mlaier at freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier at EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: signature
Url : http://lists.freebsd.org/pipermail/freebsd-pf/attachments/20040916/6de379b8/attachment.bin
More information about the freebsd-pf
mailing list