[pf4freebsd] Re: why multiple CARP groups for VoIP servers
sam
samwun at hgdbroadband.com
Wed Sep 15 21:12:46 PDT 2004
Max Laier wrote:
>On Tuesday 17 August 2004 20:22, Max Laier wrote:
>
>
>>On Tuesday 17 August 2004 10:58, sam wrote:
>>
>>
>>>Hi,
>>>
>>>I need to get advice from someone on the usage of CARP+pfsync.
>>>With the BIG example as described in the following page:
>>>http://www.countersiege.com/doc/pfsync-carp/#big
>>>I don't understand why creating a different CARP group for each
>>>application server, instead of using only one CARP interface for 4
>>>internal application servers, is better.
>>>
>>>With only one CARP address for 4 application servers, traffic still can
>>>be redirected to another app server if one has died. Unless one CARP
>>>address is not efficient.
>>>
>>>Can anyone please explain the difference using multiple CARP groups
>>>instead of one CARP address?
>>>
>>>
>>The example uses a "rdr source-hash" rule to load balance over the four
>>virtual addresses. You cannot use the CARP version of source-hash as the
>>clients are behind the firewalls and will not balance as a result.
>>
>>
>
>Sorry, meant to say: "You cannot use the CARP arpbalance ..." with the same
>effect and (now much clearer (I hope)) reasoning. The servers will see only
>the firewall arps and not those of the clients. While they will indeed see
>the IP-Addresses, but CARP loadbalances on the arp-level. This is used to
>loadbalance between the two firewalls, btw.
>
>
>
So I think the only interfaces that can have CARP arpbalance are the ones
facing the Internet. Can "rdr source-hash" be used for load balancing
and HA for VoIP gateways?
There are 2 MVTS VoIP gateway servers in my office. I would like to
set up two BSD firewalls with PF+CARP+PFsync configured for load
balancing and redundancy for the VoIP gateways.
thanks
sam
>>If one server dies one of the remaining 3 takes over and has to take twice
>>the load until the failed server comes back (or the admin modifies the rdr
>>rule).
>>
>>
>
>
>
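An added illustration of the reasoning quoted in this message (not code from the thread, and not pf's or CARP's implementation): a simplified Python model comparing firewall-side "rdr source-hash" over four virtual addresses with ARP-level balancing on the server side, plus the failover case where one server takes over a dead server's address. The addresses, the SHA-256 stand-in hash and all function names are assumptions made for the example.

```python
import hashlib
from collections import Counter

# Constructed sample addresses (not from the thread).
VIPS = ["10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.0.4"]  # one CARP address per server
FIREWALLS = ["10.0.0.253", "10.0.0.254"]
CLIENTS = [f"198.51.100.{n}" for n in range(1, 201)]

def pick(key, pool):
    """Stand-in hash (SHA-256); pf and CARP use their own hash functions."""
    digest = hashlib.sha256(key.encode()).digest()
    return pool[int.from_bytes(digest[:4], "big") % len(pool)]

def rdr_source_hash(clients):
    """Firewall hashes each client source IP onto one of the virtual addresses."""
    return Counter(pick(c, VIPS) for c in clients)

def arp_level(clients):
    """Server-side ARP balancing: the requester the servers see is the
    firewall that forwards the packet, never the client."""
    hits = Counter()
    for c in clients:
        firewall = pick(c, FIREWALLS)      # which firewall carries this client
        hits[pick(firewall, VIPS)] += 1    # server chosen from the firewall's address
    return hits

def fail_over(hits, failed_vip, takeover_vip):
    """One surviving server takes over the failed server's CARP address."""
    load = Counter(hits)
    load[takeover_vip] += load.pop(failed_vip, 0)
    return load

if __name__ == "__main__":
    balanced = rdr_source_hash(CLIENTS)
    print("rdr source-hash:", dict(balanced))
    print("ARP-level      :", dict(arp_level(CLIENTS)))
    print("after failure  :", dict(fail_over(balanced, VIPS[0], VIPS[1])))
```

In this model the ARP-level variant can never reach more servers than there are firewalls, while the source-hash variant spreads clients over all four addresses and keeps each client on the same one.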