Hello Daniel,
Wednesday, October 2, 2002, 12:25:38 PM, you wrote:
DH> On Wed, Oct 02, 2002 at 12:15:26PM -0300, Alejandro G. Belluscio wrote:
>> rdr-load on #if inet proto tcp from any to #ExtIf port www -> \
>> {#Ip1 port www, #Ip2 port www, #Ip3 port www} \
>> [balance-weight {4, 5, 9} #idnum | balance-round-robin #idnum]
DH> Yes, that makes sense, and Ryan McBride is actually working on doing
DH> something like that. There are a couple of questions still, though. If
DH> we allow free lists like { #Ip1, #Ip2, ... }, we have to find a way to
DH> store them in kernel and pass them through ioctls. Considering that the
DH> list may be large, that can be non-trivial (also adding or removing
DH> addresses from this list without removing the entire rule).
I think you could let the IP fixed and just work on the balancing
algorithm. So if you use weighted, you just asign 0 value. If you use
round robin you may make an available bitmap and use it for deciding
to which ip forward. You may loose the oportunity to add/delete new IP,
but you can efectively turn on/off. Which may be should be just fine.
DH> Another point is how this deals with #Ip1 going down. Should any part of
DH> pf (in kernel?) monitor (or even probe) the targets and modify the list
DH> automatically? Or would you want a userland daemon to do that? Or do it
DH> manually completely?
Well, I usually like to keep thing to the minimum. That's why I
supposed that we should use something like hearbeat from userland and
let him modify this data. It may have some security implications, thou.
--
Best regards,
Alejandro Belluscio
PD: I forgot to post to the list, sorry.
