A little update: the filter rules are these. Except for the interface names they are identical, and the queue names are identical as well; the only difference is on which interface the queues are present.

Node1
pass in log on vlan0 inet from zzz.xxx.yyy.dddd/30 to any flags S/SA keep state queue(zzz.xxx.yyy.dddd_stdi, zzz.xxx.yyy.dddd_acki)
pass out log on em0 inet from zzz.xxx.yyy.dddd/30 to any flags S/SA keep state queue(zzz.xxx.yyy.dddd_stdo, zzz.xxx.yyy.dddd_acko)
pass in log on em0 inet from any to zzz.xxx.yyy.dddd/30 flags S/SA keep state queue(zzz.xxx.yyy.dddd_stdi, zzz.xxx.yyy.dddd_acki)

Node2
pass in log on vlan1 inet from zzz.xxx.yyy.dddd/30 to any flags S/SA keep state queue(zzz.xxx.yyy.dddd_stdi, zzz.xxx.yyy.dddd_acki)
pass out log on vlan0 inet from zzz.xxx.yyy.dddd/30 to any flags S/SA keep state queue(zzz.xxx.yyy.dddd_stdo, zzz.xxx.yyy.dddd_acko)
pass in log on vlan0 inet from any to zzz.xxx.yyy.dddd/30 flags S/SA keep state queue(zzz.xxx.yyy.dddd_stdi, zzz.xxx.yyy.dddd_acki)

While testing I noticed that if a connection was initiated (a big FTP download session), for example on node1, and then failed over to node2, traffic did not hit the right queue, but when I failed over again to node2 the traffic hit the right queue again. I think the problem is that pf cannot sync correctly if different interface names are used on the nodes; could anyone confirm that?

On Mon, 2009-06-01 at 22:47 +0200, Henning Brauer wrote:
> * Georg Kahest <ge...@viatel.ee> [2009-06-01 15:21]:
> > Yes the rulesets are identical, strange thing is from pftop it seems
> > that it hits default queue (25mbit queue) but somehow the client gets
> > 10~MB/s what seems more of interface root queue value rather than that
> > default queue. Though the real queue it should use is at 8mbit.
>
> that is expected with states without reference back to a rule. this
> clearly proves your rulesets are not identical, because otherwise that
> ref would have been there.
> and in any case - current behaves differently, queueing info now lives
> on the state.
>
> --
> Henning Brauer, h...@bsws.de, henn...@openbsd.org
> BS Web Services, http://bsws.de
> Full-Service ISP - Secure Hosting, Mail and DNS Services
> Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
>
--
Georg Kahest <ge...@viatel.ee>
ProGroup Holding
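
The thread turns on whether the two nodes' rulesets are identical, so here is a field-by-field comparison of the two rule lists posted above, as an added example that is not part of the original message. The function names are hypothetical, and the regular expression assumes only the rule shape seen in this post, not the full pf.conf grammar.

```python
import re

# Rule lists copied from the message above (addresses are the post's placeholders).
A = "zzz.xxx.yyy.dddd"
NODE1 = f"""\
pass in log on vlan0 inet from {A}/30 to any flags S/SA keep state queue({A}_stdi, {A}_acki)
pass out log on em0 inet from {A}/30 to any flags S/SA keep state queue({A}_stdo, {A}_acko)
pass in log on em0 inet from any to {A}/30 flags S/SA keep state queue({A}_stdi, {A}_acki)
"""
NODE2 = f"""\
pass in log on vlan1 inet from {A}/30 to any flags S/SA keep state queue({A}_stdi, {A}_acki)
pass out log on vlan0 inet from {A}/30 to any flags S/SA keep state queue({A}_stdo, {A}_acko)
pass in log on vlan0 inet from any to {A}/30 flags S/SA keep state queue({A}_stdi, {A}_acki)
"""

# Matches only the rule form used in the post (assumption, not a pf.conf parser).
RULE_RE = re.compile(
    r"^(?P<action>pass|block)\s+(?P<dir>in|out)\s+(?P<log>log\s+)?"
    r"on\s+(?P<iface>\S+)\s+(?P<af>inet6?)\s+"
    r"from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)\s+"
    r"flags\s+(?P<flags>\S+)\s+keep state\s+"
    r"queue\((?P<queues>[^)]*)\)$"
)

def parse_rule(line):
    """Split one rule into named fields; refuse anything the regex does not cover."""
    m = RULE_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unsupported rule syntax: {line!r}")
    rule = m.groupdict()
    rule["log"] = bool(rule["log"])
    rule["queues"] = tuple(q.strip() for q in rule["queues"].split(","))
    return rule

def parse_ruleset(text):
    return [parse_rule(l) for l in text.splitlines() if l.strip()]

def diff_rulesets(a, b):
    """Return (rule number, field, value on a, value on b) for every mismatch."""
    ra, rb = parse_ruleset(a), parse_ruleset(b)
    if len(ra) != len(rb):
        raise ValueError(f"rule counts differ: {len(ra)} vs {len(rb)}")
    return [(n, f, x[f], y[f])
            for n, (x, y) in enumerate(zip(ra, rb), 1)
            for f in x if x[f] != y[f]]

if __name__ == "__main__":
    for n, field, v1, v2 in diff_rulesets(NODE1, NODE2):
        print(f"rule {n}: {field} differs: node1={v1} node2={v2}")
```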