From: Kostas Zorbadelos
To: freebsd-pf@freebsd.org
Date: Sun, 2 Apr 2006 11:25:19 +0300
Message-ID: <20060402082519.GA25134@enigma.otenet.gr>
Subject: Address pools and load balancing issues

Hello to everyone. I am a newcomer to the list. I have been evaluating the pf packet filter for a few months now and I like very much what I see.

I have a few questions regarding address pools and load balancing. In the relevant documentation [1] it is explicitly mentioned that methods other than round-robin (bitmask, random, source-hash) work only if the address pool is expressed as a CIDR network block. Also, if the address pool is expressed as a table, then the only method allowed is round-robin.

In my setup this is a problem, since I have a pool of WWW servers and I need the source-hash load balancing method where a specific client connects to the same web server (that has its http session for instance). My pool of servers is not in a continuous network block, so it cannot be expressed in CIDR notation.

Is there a way to overcome this limitation? (sticky-address is not an option since it works only as long as there are states for a client's connections.) Will these restrictions go away in a next version of pf? Ideally, I would like to express all my pools as tables and have all the different algorithms for load balancing available.

Thanks in advance and congratulations to all the people involved in pf for the great work.

Kostas

[1] http://www.openbsd.org/faq/pf/pools.html

-- 
Kostas Zorbadelos
m@il contact: kzorba (at) otenet.gr

Out there in the darkness, out there in the night out there in the starlight, one soul burns brighter than a thousand suns.
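
The restriction described in the message, written out as a pf.conf fragment. This is an added example, not part of the original post: the interface, addresses and table name are constructed placeholders, and it uses the `rdr ... ->` rule syntax of FreeBSD's pf. Alternatives are commented out so that only one redirect rule is active.

```pf
# Constructed placeholders, not values from the message.
ext_if = "em0"
ext_ip = "192.0.2.10"

# Web servers that do not share one network block, held in a table.
table <webservers> { 10.0.1.10, 10.0.3.25, 10.0.7.40 }

# Works: a table as the pool, with round-robin (the only method the
# documentation allows for a table). Successive new connections from
# the same client can land on different servers.
rdr on $ext_if proto tcp from any to $ext_ip port 80 \
    -> <webservers> round-robin

# Works, with the caveat from the message: sticky-address keeps a
# client on one server only while that client still has states.
# rdr on $ext_if proto tcp from any to $ext_ip port 80 \
#     -> <webservers> round-robin sticky-address

# Works: source-hash, but only because the pool is a single CIDR
# block. The scattered servers above cannot be written this way.
# rdr on $ext_if proto tcp from any to $ext_ip port 80 \
#     -> 10.0.1.8/30 source-hash

# Not allowed per the documentation cited in the message:
# source-hash (or bitmask, random) with a table as the pool.
# rdr on $ext_if proto tcp from any to $ext_ip port 80 \
#     -> <webservers> source-hash
```

A candidate ruleset can be syntax-checked without loading it by running `pfctl -nf` on the file.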