Thank for your response, however the limitations on the featured list are not the cause of the problem. I am happy with the load balancer to equally distribute the load, also happy with the firewall not checking for a valid response. but there seems to be any other limitation not listed.
Regards, Jose Hernandez Software and Systems Senior Engineer VIDZONE DIGITAL MEDIA From: Tebano epaminonda [mailto:[email protected]] Sent: 12 June 2009 11:11 To: [email protected] Subject: RE: [pfSense Support] Inbound load balancer performance under heavy load. _____ From: [email protected] To: [email protected] Date: Fri, 12 Jun 2009 10:29:03 +0100 Subject: [pfSense Support] Inbound load balancer performance under heavy load. Hi, Yesterday we had a service launch, and pfSense inbound load balancer let me down big time. We have been using pfSense 1.2-release version installed on Dell PowerEdge R200 and CARP for redundancy for around a year now, it probed to work although we never have had a very high load. Yesterday right after we launch the service, we start getting complaints of many requests failing from users. After some investigation it was clear that the request were not getting through to our systems!!! The only indication of something going bad was the traffic graph (attached is a screen grab), it was picking up and down as never before. We did some load testing last week and the week before and we were seeing ~100Mbps constant outbound speed, we also have seen in the past ~100Mbps inbound speeds. So I first blame our IP transit provider, after contacting them, they confirmed to me that no packets were being lost or dropped anywhere in their network and that their systems were just fine. so the only other thing that could be causing the problem was pfSense. however I couldn't find any indication of anything going wrong but the traffic graph. memory and processor were fine, states table size, no packets dropped in RRD Graphs, etc. After tweaking many settings in pfSense with no joy, I finally removed the Virtual Server and created a NAT Port Forward to only one of our web servers layer at the backend. and that fixed the problem of requests not getting through and the traffic graph was again stable. I wonder if it is there any known issue with the inbound load balancer. I think the problem was with the number of source IPs or states it had to deal with (after the load balancer was removed, the states picked up to ~210000, as when load testing we tested from a bunch of ~10 IPs. The problem is that we do need load balancing, mainly for redundancy of our systems at the back end. The inbound load balancer that was set up had 3 servers in the pool and, the port was HTTPS and TCP monitor was configured Is there anything in version 1.2-release that affects the performance of the inbound load balancer? Would this performance issues go away if I upgrade to the latest stable version, currently 1.2.2? We are also thinking in getting commercial support, however we are not sure if this will help as we don't know if pfSense is actually able to take the load. Can anyone shed some light into this issues we are having? Regards, Jose Hernandez Software and Systems Senior Engineer VIDZONE DIGITAL MEDIA GET IN THE VIDZONET file:///D:/LABELS-PARTNERS/Playstation/Emails/email.jpg <http://gfx2.hotmail.com/mail/w3/ltr/i_safe.gif> The contents of this e-mail and any attachments/inserts are strictly confidential and sent for the attention of the addressee/s only. This e-mail might contain confidential and/or privileged material therefore if you are not the addressee/s, any distribution, review, disclosure, copying or other use of this e-mail and any attachments/inserts is prohibited without written provision. If received in error, please advise the sender and delete it from your system immediately. Statements and opinions expressed may not represent those of Rants Ltd and any representations or commitments in this email are subject to contract. Rants Ltd (trading as VidZone) --- Hi. >From features list: Inbound Load Balancing Inbound load balancing is used to distribute load between multiple servers. This is commonly used with web servers, mail servers, and others. Servers that fail to respond to ping requests or TCP port connections are removed from the pool. Limitations * Equally distributes load between all available servers - unable to unequally distribute load between servers at this time. * Only checks if the server responds to pings or TCP port connections. Cannot check if the server is returning valid content. More info on: http://pfsense.org/index.php?option=com_content&task=view&id=40&Itemid=43 Cheers. Tebano. _____ check out the rest of the Windows LiveT. More than mail-Windows LiveT goes way beyond your inbox. More than <http://www.microsoft.com/windows/windowslive/> messages
