Knee deep in a deployment of a load balanced web application, I've run into a bizarre requirement.
I have an HA PFSense cluster with 5 SSL load balanced virtual hosts, listening on IPs x.x.x.10-x.x.x.14. These map back to 3 backend web servers serving xxx1.com-xxx5.com. I've used this design many times, and never had a problem. However, this application has some crazy cookie stuff built in. Basically, a client may connect to xxx1.com, log in, browse some content, and then browse to xxx2.com. Since these are separate load balanced virtual servers, the PF state tracking mechanism doesn't force the client to go to the same backend server, which means that the session information is inconsistent and the application breaks.

So, what I suppose I really need is a way of forcing the connection states to be per-source IP, rather than per source/dest. Is this possible? If not, other workaround suggestions would be lovely!

Thanks guys,
Nathan

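The failure described above, as an added relayd.conf example (relayd being the load balancer behind pfSense's built-in pools at the time); this is illustrative config written for this note, not the poster's, with constructed addresses standing in for x.x.x.10-14 and the three backends. It assumes all five redirects share one backend table in the same host order and one explicit source-hash key, so each client IP hashes to the same server whichever virtual IP it hits; pfSense regenerates relayd.conf from its own settings, so this shows the shape of the fix rather than a file to drop in.

```conf
# Added example: relayd.conf contrasting per-redirect round-robin state with
# a shared source hash. Addresses are constructed (RFC 5737 ranges).

# One table for all five virtual hosts, hosts listed in the same order
# everywhere so the hash index selects the same server from each redirect.
table <webservers> { 192.0.2.21 192.0.2.22 192.0.2.23 }

# Before (shown commented out, it conflicts with the fixed block below):
# every redirect keeps its own round-robin state, so a client that lands on
# 192.0.2.21 via xxx1.com may land on 192.0.2.22 via xxx2.com.
#
# redirect xxx1 {
#     listen on 203.0.113.10 port 443
#     forward to <webservers> port 443 mode roundrobin check tcp
# }

# After: source-hash with one explicit key shared by all redirects. The backend
# is chosen from hash(client IP, key) over the same table, so the mapping is a
# function of the client address alone. Without an explicit key each redirect
# gets its own random key and the mappings diverge again.
redirect xxx1 {
    listen on 203.0.113.10 port 443
    forward to <webservers> port 443 mode source-hash "replace-with-a-site-key" check tcp
}

redirect xxx2 {
    listen on 203.0.113.11 port 443
    forward to <webservers> port 443 mode source-hash "replace-with-a-site-key" check tcp
}

# xxx3, xxx4 and xxx5 follow the same pattern on .12, .13 and .14.
```

Clients behind one NAT address all hash to a single backend, so the spread across the three servers is only as even as the client address distribution; the trade is deliberate, since per-source placement is exactly what keeps the cross-host session intact.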