We have 2 OpenBSD 3.7 pf-firewalls which are redundant through CARP.
I have been experiencing problems in a client setup, but I am unable to
reproduce it in our testlab at this moment.
I have a CARP interface which has a couple of aliases on it. These
addresses are port forwarded and NAT'ed to and from a private range.
Load balancing is enabled on CARP.
The problem that I saw at the client is that from certain external
addresses I was unable to reach the uneven IP addresses, while from
another external address I was unable to reach the even IP addresses.
I'm now wondering if this could be due to the load balancing
implementation of pf. Does someone here have in-depth knowledge of its
implementation?
The behaviour seems like a typical OSPF implementation that I have seen
before: balancing based on the sum of the source and destination IP
address. If the sum is even take one route, if the sum is uneven take
the other. Is pf's CARP load balancing based on the same idea?
--
Enriko Groen
Zoranet systems administrator
[EMAIL PROTECTED] // +31 38 455 95 62
Zoranet // 8025 BS 6c // Zwolle // Netherlands