On Fri, Jun 12, 2009 at 6:27 PM, Jose Hernandez<[email protected]> wrote: > > > -----Original Message----- > From: Ermal Luçi [mailto:[email protected]] > Sent: 12 June 2009 12:48 > To: [email protected] > Subject: Re: [pfSense Support] Inbound load balancer performance under heavy > load. > > Can you please try a later snapshot after 11062009 it seems you had > problems with sticky-connections! > Though without analysis i might be compeletly WRONG. > > Ermal > > > On Fri, Jun 12, 2009 at 12:52 PM, Jose Hernandez<[email protected]> wrote: >> It is fine Tebano, >> >> >> >> I appreciate your answer and as you said there are not other limitations >> documented nor any other issues I could find anywhere, and I did spend > some >> time researching… >> >> >> >> Regards, >> >> >> >> Jose Hernandez >> Software and Systems Senior Engineer >> VIDZONE DIGITAL MEDIA >> >> >> >> From: Tebano epaminonda [mailto:[email protected]] >> Sent: 12 June 2009 11:44 >> To: [email protected] >> Subject: RE: [pfSense Support] Inbound load balancer performance under > heavy >> load. >> >> >> >> >> >> ________________________________ >> >> From: [email protected] >> To: [email protected] >> Date: Fri, 12 Jun 2009 11:33:54 +0100 >> Subject: RE: [pfSense Support] Inbound load balancer performance under > heavy >> load. >> >> Thank for your response, however the limitations on the featured list are >> not the cause of the problem… I am happy with the load balancer to equally >> distribute the load, also happy with the firewall not checking for a valid >> response… but there seems to be any other limitation not listed… >> >> >> >> Regards, >> >> >> >> Jose Hernandez >> Software and Systems Senior Engineer >> VIDZONE DIGITAL MEDIA >> >> >> >> ------------------------------------------------------------- >> >> >> >> Hi Josè. >> >> Sorry for the misunderstanding. >> >> I was simply trying to say that there aren't other limitation (that I > know), >> except the ones I've pasted You. >> >> Probably my answer wasn't really wroten correctly... sorry! >> >> Cheers. >> >> Tebano. >> >> >> >> From: Tebano epaminonda [mailto:[email protected]] >> Sent: 12 June 2009 11:11 >> To: [email protected] >> Subject: RE: [pfSense Support] Inbound load balancer performance under > heavy >> load. >> >> >> >> >> >> ________________________________ >> >> From: [email protected] >> To: [email protected] >> Date: Fri, 12 Jun 2009 10:29:03 +0100 >> Subject: [pfSense Support] Inbound load balancer performance under heavy >> load. >> >> Hi, >> >> >> >> Yesterday we had a service launch, and pfSense inbound load balancer let > me >> down big time… We have been using pfSense 1.2-release version installed on >> Dell PowerEdge R200 and CARP for redundancy for around a year now, it > probed >> to work although we never have had a very high load. >> >> >> >> Yesterday right after we launch the service, we start getting complaints > of >> many requests failing from users. After some investigation it was clear > that >> the request were not getting through to our systems!!! >> >> >> >> The only indication of something going bad was the traffic graph (attached >> is a screen grab), it was picking up and down as never before… We did some >> load testing last week and the week before and we were seeing ~100Mbps >> constant outbound speed, we also have seen in the past ~100Mbps inbound >> speeds… So I first blame our IP transit provider, after contacting them, >> they confirmed to me that no packets were being lost or dropped anywhere > in >> their network and that their systems were just fine… so the only other > thing >> that could be causing the problem was pfSense… however I couldn’t find any >> indication of anything going wrong but the traffic graph… memory and >> processor were fine, states table size, no packets dropped in RRD Graphs, >> etc… >> >> >> >> After tweaking many settings in pfSense with no joy, I finally removed the >> Virtual Server and created a NAT Port Forward to only one of our web > servers >> layer at the backend… and that fixed the problem of requests not getting >> through and the traffic graph was again stable… I wonder if it is there > any >> known issue with the inbound load balancer… I think the problem was with > the >> number of source IPs or states it had to deal with (after the load > balancer >> was removed, the states picked up to ~210000, as when load testing we > tested >> from a bunch of ~10 IPs… >> >> >> >> The problem is that we do need load balancing, mainly for redundancy of > our >> systems at the back end… >> >> >> >> The inbound load balancer that was set up had 3 servers in the pool and, > the >> port was HTTPS and TCP monitor was configured >> >> >> >> Is there anything in version 1.2-release that affects the performance of > the >> inbound load balancer? Would this performance issues go away if I upgrade > to >> the latest stable version, currently 1.2.2? >> >> >> >> We are also thinking in getting commercial support, however we are not > sure >> if this will help as we don’t know if pfSense is actually able to take the >> load… >> >> >> >> Can anyone shed some light into this issues we are having? >> >> >> >> Regards, >> >> >> >> Jose Hernandez >> >> Software and Systems Senior Engineer >> >> VIDZONE DIGITAL MEDIA >> >> >> >> GET IN THE VIDZONE™ >> >> >> >> >> >> >> >> The contents of this e-mail and any attachments/inserts are strictly >> confidential and sent for the attention of the addressee/s only. This > e-mail >> might contain confidential and/or privileged material therefore if you are >> not the addressee/s, any distribution, review, disclosure, copying or > other >> use of this e-mail and any attachments/inserts is prohibited without > written >> provision. If received in error, please advise the sender and delete it > from >> your system immediately. Statements and opinions expressed may not > represent >> those of Rants Ltd and any representations or commitments in this email > are >> subject to contract. >> >> Rants Ltd (trading as VidZone) >> >> >> >> >> >> --- >> >> >> >> Hi. >> >> From features list: >> >> Inbound Load Balancing >> >> Inbound load balancing is used to distribute load between multiple > servers. >> This is commonly used with web servers, mail servers, and others. Servers >> that fail to respond to ping requests or TCP port connections are removed >> from the pool. >> >> Limitations >> >> Equally distributes load between all available servers - unable to > unequally >> distribute load between servers at this time. >> Only checks if the server responds to pings or TCP port connections. > Cannot >> check if the server is returning valid content. >> >> More info on: >> http://pfsense.org/index.php?option=com_content&task=view&id=40&Itemid=43 >> >> Cheers. >> Tebano. >> >> >> >> ________________________________ >> >> check out the rest of the Windows Live™. More than mail–Windows Live™ goes >> way beyond your inbox. More than messages >> >> >> >> ________________________________ >> >> check out the rest of the Windows Live™. More than mail–Windows Live™ goes >> way beyond your inbox. More than messages > > > > -- > Ermal > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > Commercial support available - https://portal.pfsense.org > > Hi Erma, > > You say that the problem would be with the sticky-connection... is that a > fact? I don't really need sticky connections... In the middle of the crisis, > I did removed the sticky-connections from the Advanced menu, but that didn't > fix the problem, although I didn't restart pfsense nor sldb... is this > change picked as soon as it is saved? > > If I remove the sticky connections and restart pfsense or sldb, would this > fix the problem? > > About trying another version, I would, but this is now a global service and > I need to be sure that the problem is going to be fixed... or at least a > convincing explanation of what I am trying, have been any bug fixes in the > latest release for the load balancer? Were those fixed bugs the reason the > load balancer was failing for me? as I cannot just try and bring the service > down for no other reason than trying. >
It has a patch to fix those. SLBD adds the sticky option by default to its rules so you cannot deactivate from the Advanced menu option. And it makes no sense to remove it cause otherwise you might see other problems. > Regards, > Jose > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > Commercial support available - https://portal.pfsense.org > > -- Ermal --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
