take a look at http://en.wikipedia.org/wiki/Stateful_firewall
On 3/6/08, Mike Lever <[EMAIL PROTECTED]> wrote:
> Thanks Sean for the clarification.
>
> One point of clarification.. can you please define exactly what a 'state' is?
>
> Regards,
> Mike Lever
>
> From: Sean Cavanaugh [mailto:[EMAIL PROTECTED]
> Sent: 04 Mar 2008 07:44 PM
> To: [email protected]
> Subject: RE: [pfSense Support] Load Balancing further info
>
> load balancing is fairly easy to learn.
>
> first step, the user sends a request (i.e. visiting www.cnn.com)
> his computer will forward the request to the gateway (let's assume pfsense
> set up with load balanced WAN connections)
> pfsense will then assign the current connection state to a WAN interface.
> this should happen with states spread evenly across all WAN links.
> as long as information being transmitted between the users computer and
> www.cnn.com are part of the same stream, it will use the same connection
> path on the WAN link. if the user goes to www.msnbc.com also, this will
> start a new state connection on the firewall and would theoretically use a
> different WAN link than the first connection to www.cnn.com.
>
> some issues with this is if the state is set to a very short TTL, then the
> user will constantly be setting up new states and will be bouncing all over
> the WAN links. this can make it really bad if they're trying to use encrypted
> protocols as it will not be valid and will more than likely be denied a lot.
>
> if the value is set too high, states will build up on a WAN interface and
> persist longer than need be. they will however be more reliable as encrypted
> protocols will have a nice stable connection.
>
> a misconfiguration in how the states are load balanced will lead to one WAN
> link being more heavily favored than others.
>
> this isn't the BEST explanation but should help some.
>
> -Sean
>
> > From: [EMAIL PROTECTED]
> > To: [email protected]
> > Date: Tue, 4 Mar 2008 16:50:26 +0200
> > Subject: [pfSense Support] Load Balancing further info
> >
> > Hi,
> >
> > Excuse my ignorance on this one.
> >
> > I am having a debate with my boss.
> >
> > Please explain to me the basics of load balancing?
> >
> > IP address x is accessing www.cnn.com
> >
> > It arrives at the load balancer which at that point in time pings a
> > pre-determined gateway / IP address. Based on that speed, it will then
> > submit the request over that line and wait for the transmission?
> >
> > How does it actually decide which WAN port to send the packet? is it
> > constantly pinging on all WAN ports?
> >
> > How is a typical webpage broken down into packets? i.e. how many packets
> > are there in a typical page?
> >
> > Again apologies for the simpleness...just want to get my head around the
> > load balancing / round robin concept.
> >
> > Lastly, looking at usage on the interfaces. My WAN port is showing quite a
> > bit of throughput while my OPT1 and OPT2 aren't. I have setup my system as
> > close to the manual as possible but it doesn't seem to be load balancing
> > correctly.
> >
> > Regards,
> > Mike Lever
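Added example, not part of the original thread and not pfSense code: a toy Python state table illustrating the state-to-WAN assignment and the state-lifetime trade-off described in the quoted explanation. The round-robin policy, the simplified flow key, the addresses and the timings are assumptions constructed for illustration; the link names WAN, OPT1 and OPT2 are taken from the thread.

```python
from itertools import cycle


class StateTable:
    """Toy model of per-state WAN selection; not pfSense or pf code."""

    def __init__(self, wan_links, ttl):
        self._next_wan = cycle(wan_links)  # assumed policy: plain round-robin
        self.ttl = ttl                     # idle seconds before a state expires
        self.states = {}                   # flow key -> [wan_link, last_seen]

    def route(self, flow, now):
        """Return the WAN link carrying one packet of `flow` at time `now`."""
        entry = self.states.get(flow)
        if entry is not None and now - entry[1] <= self.ttl:
            entry[1] = now                 # live state: refresh it, same link
            return entry[0]
        wan = next(self._next_wan)         # no state, or it expired: new link
        self.states[flow] = [wan, now]
        return wan

    def live_states(self, now):
        """Count states that have not yet idled out at time `now`."""
        return sum(1 for _, seen in self.states.values() if now - seen <= self.ttl)


# Constructed sample traffic. The key is simplified to (client, server, port);
# a real state table keys on the full protocol/address/port tuple. The server
# addresses are documentation-range placeholders for the two sites.
CNN = ("192.168.1.10", "203.0.113.10", 80)
MSNBC = ("192.168.1.10", "198.51.100.20", 80)
EVENTS = [(0, CNN), (1, MSNBC), (2, CNN), (40, CNN), (41, MSNBC), (42, CNN)]


def trace(ttl, events=EVENTS, links=("WAN", "OPT1", "OPT2")):
    """Replay the events; return (link used per packet, states alive at t=100)."""
    table = StateTable(links, ttl)
    used = [table.route(flow, t) for t, flow in events]
    return used, table.live_states(100)


if __name__ == "__main__":
    for ttl in (10, 60):
        used, alive = trace(ttl)
        print(f"ttl={ttl:>2}s links={used} states alive at t=100: {alive}")
```

With the 10-second lifetime the traffic to the first site moves from WAN to OPT2 after the idle gap; with 60 seconds it stays on WAN, and both states are still held at t=100.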
