Bottom posted /Seb
_____

From: [email protected] [mailto:[email protected]] On Behalf Of Shibashish shib4u-at-gmail.com
Sent: 14 October 2011 14:15
To: pfSense support and discussion
Subject: Re: [pfSense] Inbound Load Balancing on 2.0

On Fri, Oct 14, 2011 at 6:01 PM, Seb <[email protected]> wrote:

> Hi list,
>
> I followed the instructions listed here - http://doc.pfsense.org/index.php/Inbound_Load_Balancing and got Inbound Load Balancing working fine (in the end - it would be good if it said that you needed to add firewall pass rules for both the virtual server IP and the underlying IPs!).
>
> BUT! It also says in that guide that there is a way to enable sticky connections. I cannot see this in 2.0. I note that the guide was written for 1.2. Was this option removed, or is it somewhere else?
>
> At the moment, my testing has shown that if I refresh the HTML page within 60 seconds I get the same server, if I wait more than 60 seconds to refresh I get the other server. That is cutting it a bit fine for us, as we are not sharing sessions between the servers. I would really like to get this timeout to 2 minutes.
>
> I tried setting the "State Timeout" to 120 seconds in the firewall rule (under Advanced Options) to see if this would change anything, but it didn't make any difference to which web server was sent the request.
>
> Does anyone have any suggestions on how to solve my problem? If Sticky Connections no longer work in pfSense 2.0, how feasible is it to do inbound load balancing via source IP hashing? Or can I make another change that would do it, perhaps a sysctl setting?
>
> Also, this page: http://doc.pfsense.org/index.php/Inbound_Load_Balancing_Troubleshooting suggests using this for troubleshooting:
>
>     /sbin/pfctl -a slb -s nat
>
> But when I try it I get this:
>
>     # /sbin/pfctl -a slb -s nat
>     pfctl: DIOCGETRULES: Invalid argument
>
> Many thanks,
> Sebastian

Did you check System > Advanced > Miscellaneous and enable...

Load Balancing
Load Balancing
Use sticky connections
Successive connections will be redirected to the servers in a round-robin manner with connections from the same source being sent to the same web server. This 'sticky connection' will exist as long as there are states that refer to this connection. Once the states expire, so will the sticky connection. Further connections from that host will be redirected to the next web server in the round robin.

-- Shib

-------------------

Hi Shib,

Aha! No, I didn't find that option as the documentation didn't tell me where to find it! And I checked pretty much every other page anyway. But thanks for helping me find it - that's exactly what I was hoping for.

Having now tested, it didn't take effect immediately, and apparently required a reboot to start working. Possibly pressing the clear states button might have made it start working - I didn't try that - but I assumed the states were clearing anyway after a minute (or 2 minutes after the next change I made), so I didn't expect that to change much. I also set my State Timeout to 120 seconds before the reboot but that didn't change anything.

Given this, what does it mean by "This 'sticky connection' will exist as long as there are states that refer to this connection. Once the states expire, so will the sticky connection."?

I have tested refreshing the page after 3 minutes now that Sticky is working, and I still get the same server! I would expect it to change server after 2 minutes - the State Timeout in the firewall rule... It does still seem to change server, but after a much longer period than 2 minutes.

Basically, is the state expiration time configurable?

Kind regards,

Seb
_______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
