But I got this problem:
When there are few users, load balancing works great, but with 50 or more users MSN Messenger periodically stops working and no one is able to open any website; after a couple of minutes everything works fine for some time. Then it starts again...
The strange thing is that ping works at any time.
FreeBSD 5.3 RELEASE
ALTQ compiled in kernel
/etc/rc.conf
--------------------------------------
gateway_enable="YES"
hostname="server.somewhere"
ifconfig_xl0="inet 172.16.16.20 netmask 255.255.0.0"
ifconfig_xl1="00.235.00.202"
ifconfig_xl2="00.159.00.90"
sshd_enable="YES"
usbd_enable="NO"
ntpd_enable="YES"
inetd_enable="NO"
kern_securelevel_enable="NO"
sendmail_enable="NO"
pf_enable="YES"
---------------------------------------
# /etc/pf.conf
ext_if0="xl1" # external 0
ext_if1="xl2" # external 1
int_if="xl0" # internal network.
internal_net="172.16.0.0/16"
external0_addr="00.235.00.202"
external1_addr="00.159.00.90"
ext_gw0="00.235.00.201"
ext_gw1="00.159.00.89"
set timeout src.track 60
scrub in all
nat on $ext_if0 from $internal_net to any -> ($ext_if0)
nat on $ext_if1 from $internal_net to any -> ($ext_if1)
block all
# pass all outgoing packets on internal interface
pass out on $int_if from any to $internal_net
# pass in quick any packets destined for the gateway itself
pass in quick on $int_if from $internal_net to $int_if
# load balance outgoing tcp traffic from internal network.
pass in on $int_if route-to { ($ext_if0 $ext_gw0), ($ext_if1 $ext_gw1) } round-robin sticky-address proto tcp from $internal_net to any flags S/SA modulate state
# load balance outgoing udp and icmp traffic from internal network
pass in on $int_if route-to { ($ext_if0 $ext_gw0), ($ext_if1 $ext_gw1) } round-robin sticky-address proto { udp, icmp } from $internal_net to any keep state
# general "pass out" rules for external interfaces
pass out on $ext_if0 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if0 proto { udp, icmp } from any to any keep state
pass out on $ext_if1 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if1 proto { udp, icmp } from any to any keep state
# route packets from any IPs on $ext_if0 to $ext_gw0 and the same for
# $ext_if1 and $ext_gw1
pass out on $ext_if0 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
pass out on $ext_if1 route-to ($ext_if0 $ext_gw0) from $ext_if0 to any
# eof
