Trying to setup DSR load balancing with pf route-to

Gilberto Villani Brito linux at giboia.org
Tue Feb 13 11:49:22 UTC 2007 

Try to use round-robin like that:
pass in on fxp0 route-to { web1, web2, webn } round-robin from any to
x.100 keep state

-- 
Gilberto Villani Brito
System Administrator
Londrina - PR
Brazil
gilbertovb(a)gmail.com



On 12/02/07, Chip Marshall <chip at 2bithacker.net> wrote:
> I've been trying to get a Direct Server Return (DSR) load balancing
> arrangment set up using FreeBSD 6.2's pf and the route-to option.
>
> The arrangement looks something like this
>
>            Router
>              |
>    /---------+-------\
>    |                 |
>    |  +--------+     |     +--------+
>    +-0| lb 1   |1----+----0| web 1  |lo0--(x.100)
>    |  +--------+     |     +--------+
>    |                 |
>    |  +--------+     |     +--------+
>    \-0| lb 2   |1----+----0| web 2  |lo0--(x.100)
>       +--------+     |     +--------+
>                      |
>                      |     +--------+
>                      +----0| web n  |lo0--(x.100)
>                            +--------+
>
> Where x.100 is the routable IP address of the website. The Router has a
> route to x.100 via interface 0 of the load balancers, which use pf's route-to
> option to redirect the packets to one of the web servers, keeping state
> so further packets for the same connection go to the same web server.
>
> The web servers then sent the returning packets directly to the router.
>
> The problem I'm having is that the load balancers aren't actually
> passing packets. I have the following in their pf.conf:
>
> pass in on fxp0 route-to { web1, web2, webn } from any to x.100 keep state
>
> and that's it.
>
> Using tcpdump, I see packets coming into the load balancers, and I see
> state rules being setup according to that rule, but I never see
> packets leaving the load balancers, and definitely never see them
> hitting the web farm.
>
> Any ideas for what I'm doing wrong here?
>
> --
> Chip Marshall <chip at 2bithacker.net>
> _______________________________________________
> freebsd-pf at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
>

More information about the freebsd-pf mailing list