Suggestions on how to do Layer 2 load balancing with PF

Stefan Lambrev stefan.lambrev at moneybookers.com
Wed Jul 9 12:06:27 UTC 2008


Hi,

It's a very interesting question - at least for me. :)

István Szukács wrote:
> hi!
>
> http://people.freebsd.org/~mlaier/sucon.pdf
>
> CARP
>
> Supports layer 2 load balancing (ARP based)
>   
But the OP claims that pfsync is not fast enough to sync all states? How 
will balancing work then?
Also I can't imagine the combination of bridge and CARP (on the same 
firewall)... after all, CARP needs IP and bridge is transparent?
> cheers
>
> On Wed, Jul 9, 2008 at 8:14 AM, Mark Pagulayan <m.pagulayan at auckland.ac.nz>
> wrote:
>
>   
>> Hi Guys,
>>
>> I was just wondering if anyone of you have done layer 2 load balancing with
>> PF.
>>
>> We tried to load balance traffic between two bridge firewalls through OSPF,
>> by putting equal weights on the router ports. But the problem we encountered
>> is that when a packet exits FW1 (a state is created) it returns to FW2, the
>> packet gets dropped because the state created on FW1 has not yet synced on FW2.
>>     
I guess you have two external uplinks - one for every firewall. Can you 
draw a simple schema of the network topology?
>> We did this experiment because the firewall starts to drop packets when
>> packet rates reach 30Kp/s, hoping that if we load balance it, we can distribute
>> traffic to the firewalls. And just for information, we're using a Gig
>> interface (em)
>>     
30kpps is very low. Bridge with stateful PF should handle at least 
100-150kpps, probably your hardware is not up to the task?
You may want to look at "Freebsd IP Forwarding  performance (question, 
and some info) [7-stable, current, em, smp]" thread in freebsd-net archives
for how to tune your router/firewall.
>> I wanted to ask if anyone of you have done load balancing on layer2 and
>> how they have done it.
>>
>> Your help guys would be mostly appreciated.
>>
>> Best Regards,
>>
>> Mark

-- 

Best Wishes,
Stefan Lambrev
ICQ# 24134177



