I know this discussion is going on a bit, but I was wondering
if we really think it is practical using the method we are trying.

With a basic round robin configured on the firewall, the web servers can
be configured to use their own software to manage their own virtual
IP addresses.

That will allow anyone to use simple or complicated setups and be OS
independent.

The example would be where we use ucarp on our web servers to manage
their virtual IPs; then if one goes down, the other IP just gets migrated
to another server.

We manage this ucarp on a management network so there is no traffic on
our DMZ zone other than the required traffic.

If pfSense can round robin to this VIP pool then all is fine in a
failure.
Unless there is some flashy cunning thing that BSD can do that I am
missing.

???????



-----Original Message-----
From: Scott Ullrich [mailto:[EMAIL PROTECTED] 
Sent: 22 July 2005 17:03
To: alan walters
Cc: Bill Marquette; [email protected]
Subject: Re: FW: [pfSense Support] round robin on inbound nat

That's fine and all, but what if you lose a web server?

We're currently working on what you have here in addition to a
monitoring daemon which will remove servers from a pool if they stop
answering requests.

Scott


On 7/22/05, alan walters <[EMAIL PROTECTED]> wrote:
> Sorry that was an accident. Did not mean to send it????
> 
> -----Original Message-----
> From: alan walters
> Sent: 22 July 2005 15:11
> To: 'Bill Marquette'; Scott Ullrich
> Cc: [email protected]
> Subject: RE: [pfSense Support] round robin on inbound nat
> 
> I have done some testing today with inbound NAT and carp
> and round robin load balancing to test web servers.
> 
> I added the following and it seems to work fine on bsd.
> 
> 
> Following presumptions
> #########################
> rl1= wan
> 192.168.2.2 = carp virtual ip
> 
> Below was the test.
> ##################
> 
> ###### Added an alias of two IP addresses
> 
> webservers = "{ 192.168.1.2/32 192.168.1.3/32 }"
> 
> ##### Added the following rdr rule
> 
> rdr on rl1 proto tcp from any to 192.168.2.2 port 80 -> $webservers port 80 round-robin sticky-address
> 
> ##### Also added the following pass rule
> 
> pass in quick on $wan proto tcp from any to { 192.168.1.2/32 192.168.1.3/32 } port = 80 flags S/SA keep state  queue (qWANdef, qWANacks)  label "USER_RULE: NAT http test"
> 
> 
> 
> 
> -----Original Message-----
> From: Bill Marquette [mailto:[EMAIL PROTECTED]
> Sent: 22 July 2005 06:16
> To: Scott Ullrich
> Cc: alan walters; [email protected]
> Subject: Re: [pfSense Support] round robin on inbound nat
> 
> On 7/21/05, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> > Use carp with the arp load balancing feature.  Technically it should
> > sync across there but there is an outstanding bug with XMLRPC that
> > we're looking at.
> >
> > Scott
> 
> Wrong feature :)  CARP's arp load balancing will only load balance
> inbound to the firewall (if set up correctly) from a directly connected
> network.  What alan wants (if I understand correctly) is the ability
> to put two (or more) servers on a port forward rule.  That's part of
> the load balancing code I'm working on - not ready yet :)  Try again
> after Aug 7th.
> 
> --Bill
> 
> >
> >
> > On 7/21/05, alan walters <[EMAIL PROTECTED]> wrote:
> > >
> > >
> > >
> > > I would like to try and test an inbound round robin to our test web servers.
> > >
> > > Would it be possible to put a shell command In to do this.
> > >
> > >
> > >
> > > If so would this sync across a carp array.
> > >
> > >
> > >
> > > Look forward to your replies
> > >
> > >
> > >
> > >
> > > --
> > >  No virus found in this outgoing message.
> > >  Checked by AVG Anti-Virus.
> > >  Version: 7.0.323 / Virus Database: 267.9.2/53 - Release Date:
> 20/07/2005
> > >
> >
> >
---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> 
>
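Scott's question about losing a web server, as an added example that is not part of the thread or of pfSense's code: one monitoring pass that probes the pool and prints the `pfctl` command that shrinks a pf table to the servers still answering. It assumes the rdr rule points at a table named `webservers` (a name chosen here) rather than the `$webservers` macro; `probe_tcp`, `live_members`, `pool_update_cmd` and `check_pool` are hypothetical helpers.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed pf.conf change (table name is
# an assumption; addresses are the test servers quoted in the thread):
#   table <webservers> persist { 192.168.1.2 192.168.1.3 }
#   rdr on rl1 proto tcp from any to 192.168.2.2 port 80 -> <webservers> \
#       port 80 round-robin sticky-address
POOL="192.168.1.2 192.168.1.3"
TABLE="webservers"
PORT=80

# Default probe: succeeds if a TCP connect to host:port completes within 2 s.
probe_tcp() { nc -z -w 2 "$1" "$2" >/dev/null 2>&1; }

# live_members PROBE PORT HOST...  -> prints the hosts for which PROBE succeeds.
live_members() {
    probe=$1; port=$2; shift 2
    live=""
    for host in "$@"; do
        if "$probe" "$host" "$port"; then live="${live:+$live }$host"; fi
    done
    printf '%s\n' "$live"
}

# Prints the pfctl command that makes the table equal to the live set.
# Returns 1 and prints nothing when the live set is empty: if every probe
# fails, the probe path itself is the likelier fault, so the pool is left
# alone instead of being emptied.
pool_update_cmd() {
    table=$1; live=$2
    [ -n "$live" ] || return 1
    printf 'pfctl -t %s -T replace %s\n' "$table" "$live"
}

# One monitoring pass; the probe function can be swapped (e.g. for an HTTP check).
check_pool() {
    probe=${1:-probe_tcp}
    live=$(live_members "$probe" "$PORT" $POOL)   # $POOL unquoted: split on spaces
    pool_update_cmd "$TABLE" "$live" || {
        echo "all probes failed; pool left unchanged" >&2
        return 1
    }
}

# Print-only by design: review the command, then run it from cron if wanted.
# With sticky-address, source-tracking entries can keep a client mapped to a
# removed server until they expire; "pfctl -F Sources" flushes them.
if [ "${1:-}" = "--print" ]; then check_pool; fi
```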
