PF + load balancing over 100Mbit traffic

Gergely CZUCZY phoemix at harmless.hu
Thu Dec 3 09:28:35 UTC 2009


On Thu, 03 Dec 2009 09:19:29 +0100
Adam PAPAI <wooh at wooh.hu> wrote:

> Dear List,
> 
> I have a feeling that PF can't do perfect round-robin load balancing 
> over 100Mbit.
> 
> When our PF server's (Dual Quad Core 3GHz with 8GB RAM) network
> traffic goes over 100Mbit, the 80 port's connect time increases to
> 3-5-10 sec instead of the stable 0.001-0.002 sec. The web servers
> feel good, they don't have load, the redundant master-slave database
> servers feel good, they don't have high load. So everything seems
> fine, except the connect time. (Our checker script asks only a HEAD
> request from the web servers)

Have you adjusted the TCP timeout parameters? This can be caused by the
standard 30sec timeouts and your state table is getting filled up. I'd
check the following parameters:
 - timeout tcp.{closing,finwait,closed}
 - interval
 - limit states

pftop can be a great help for checking pf's behaviour, it's available
in ports.

> 
> The internal network has Gbit connection so as the internet side.
> 
> Do you have any advice? Is it time to get a Layer 7 switch and do
> load balancing with it? Or is it possible to do it in a PF way
> without a Content Switch?
> 
> 2 web servers and 2 database servers are involved.
> 
> [web 1] ---|
> [web 2] ---|
> [db  1] ---|---[pf/web 3/default gw]---internet
> [db  2] ---|
> 
> 
> For a while the web server on the PF server is down to test, but it
> does the same connection time with a running apache and without a
> running apache.
> 
> Any idea? Our internet traffic average is 100Mbit-130Mbit and the 
> connect time makes me so sad.
> 
> Thanks in advance,
> 



-- 
Sincerely,
Gergely CZUCZY
Harmless Digital Bt

+36-30-9702963
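
Added example, not part of the original message: one way to check the items named in the reply (state count against `limit states`, plus the `tcp.closing`, `tcp.finwait`, `tcp.closed` and `interval` timeouts) from the text printed by `pfctl -s info`, `pfctl -s memory` and `pfctl -s timeouts`. The sample output is constructed, and the function names and the 0.8 warning ratio are assumptions made for illustration.

```python
import re

# Constructed sample output, modelled on `pfctl -s info`, `pfctl -s memory`
# and `pfctl -s timeouts`; all numbers are invented for illustration.
# first_int() and state_table_report() are hypothetical helper names.
SAMPLE_INFO = """\
State Table                          Total             Rate
  current entries                     9870
  searches                       812345678        15321.4/s
  inserts                          4567890           86.2/s
  removals                         4558020           86.0/s
Counters
  match                            5012345           94.6/s
  memory                             41230            0.8/s
"""
SAMPLE_MEMORY = """\
states        hard limit    10000
src-nodes     hard limit    10000
frags         hard limit     5000
"""
SAMPLE_TIMEOUTS = """\
tcp.closing                 900s
tcp.finwait                  45s
tcp.closed                   90s
interval                     10s
"""

def first_int(pattern, text):
    """Return the integer captured by `pattern` (multiline), or None."""
    m = re.search(pattern, text, re.MULTILINE)
    return int(m.group(1)) if m else None

def state_table_report(info, memory, timeouts, warn_ratio=0.8):
    """Summarise state-table pressure; warn_ratio is an assumed threshold."""
    current = first_int(r"^\s*current entries\s+(\d+)", info)
    limit = first_int(r"^states\s+hard limit\s+(\d+)", memory)
    mem_drops = first_int(r"^\s*memory\s+(\d+)", info) or 0
    if current is None or limit is None:
        raise ValueError("could not find state count or state limit")
    watched = ("tcp.closing", "tcp.finwait", "tcp.closed", "interval")
    tmo = {k: int(v) for k, v in
           re.findall(r"^(\S+)\s+(\d+)s\s*$", timeouts, re.MULTILINE) if k in watched}
    ratio = current / limit
    return {"current": current, "limit": limit, "ratio": round(ratio, 3),
            "memory_drops": mem_drops, "timeouts": tmo,
            "near_limit": ratio >= warn_ratio}

if __name__ == "__main__":
    print(state_table_report(SAMPLE_INFO, SAMPLE_MEMORY, SAMPLE_TIMEOUTS))
```

On a live firewall the three strings would come from the corresponding `pfctl -s` commands instead of the embedded samples.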


More information about the freebsd-pf mailing list