Hey all, I just spent about an hour and a half checking the associated mailing lists. I apologize ahead of time in case I missed a recent discussion.
My company is starting to evaluate new firewall/load balancing options to replace our aging and obfuscated infrastructure. We're looking at everything viable on the market, and I'm looking specifically into OpenBSD, out of personal preference. I understand there's software like slbd which will add/remove servers from a round-robin mechanism, but I would like to know if there are any current plans for expanding on PF's internal load balancing systems? I won't put out a wishlist just yet, in case there are plans/patches in the process. The systems we're looking for must be able to handle a large load (well over 30,000 packets per second, 50,000+ firewall states, and a lot of separate server pools). Various features are nice, but not all necessary up front. Cost is not an issue; we would buy the fastest intel/AMD based machine with the highest quality cards that OpenBSD 3.6 can handle, with as much ram as needed. Our ultimate goal is to end up with two or three machines in a CARP failover/load balancing cluster with pfsync going, while also having those handle the load balancing. I have faith in 3.6 for the first part, but not the latter just now. If there are plans, or no plans, what could we possibly offer that might help a process start and/or move? We're open to anything but (probably) good patches from us. Seriously, donations or whatever are possible, just let us know. My C is weak, and while I can probably read and understand the code I don't have much of a chance of successfully submitting patches to PF on my own right now. I do have a lot of experience with load balancing, and have written/adjusted a handful of algorithms in the past under projects such as mod_backhand. As well as experience in using a number of "higher end" load balancer products under very high load, so I could certainly participate in a constructive discussion with code flow examples. Thanks a lot, -Alan
