Loadbalancing no go and PFsense crashes

msatter

Hi,

I have two ISP so two wan's and wanted to loadbanlance them with RC1 however I can ping both gateway's before I loadbalance. However when I activate loadblance and restart the gateway are not found so the loadbalance is not activated.

To activate the loadbalance I have to make the check IP the same as the PFsense IP however I don't get why my gateways are not pingable any more.

I have tried different approaches and different manuals for this however with no luck.

Then I have a problem with the stability of PFsense with loadbalance because it locks up the machine and only a hardreset will help. Because the filesystem might be damaged I had to reinstall PFsense a few times.

Marce

pfsense# ifconfig
em0: flags=8843 <up,broadcast,running,simplex,multicast>mtu 1500
options=b <rxcsum,txcsum,vlan_mtu>inet 192.168.1.30 netmask 0xffffff00 broadcast 192.168.1.255
inet6 fe80::20c:76ff:fead:8e17%em0 prefixlen 64 scopeid 0x1
ether 00:0c:76:ad:8e:17
media: Ethernet autoselect (1000baseTX <full-duplex>)
status: active
fxp0: flags=8843 <up,broadcast,running,simplex,multicast>mtu 1500
options=8 <vlan_mtu>inet XX.168.56.50 netmask 0xfffffff8 broadcast XX.168.56.55
inet6 fe80::2d0:b7ff:fe8f:7cf6%fxp0 prefixlen 64 scopeid 0x2
ether 00:d0:b7:8f:7c:f6
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
em1: flags=8843 <up,broadcast,running,simplex,multicast>mtu 1500
options=b <rxcsum,txcsum,vlan_mtu>inet6 fe80::20c:76ff:fead:8e16%em1 prefixlen 64 scopeid 0x3
inet XXX.241.60.186 netmask 0xfffffff8 broadcast XXX.241.60.191
ether 00:0c:76:ad:8e:16
media: Ethernet autoselect (10baseT/UTP <half-duplex>)
status: active
pfsync0: flags=41 <up,running>mtu 2020
pfsync: syncdev: lo0 maxupd: 128
lo0: flags=8049 <up,loopback,running,multicast>mtu 16384
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
pflog0: flags=100 <promisc>mtu 33208
l</promisc></up,loopback,running,multicast></up,running></half-duplex></rxcsum,txcsum,vlan_mtu></up,broadcast,running,simplex,multicast></full-duplex></vlan_mtu></up,broadcast,running,simplex,multicast></full-duplex></rxcsum,txcsum,vlan_mtu></up,broadcast,running,simplex,multicast>

hoba

Sounds like a piloterror to me. I know several people using loadbalancing without issues (including me in a production environment). Let us know the types of WANs you use and how you have set up the loadbalancing pool.

rexster

same problem here.

msatter

I have two wans and the first one is a SDSL 2048/2048 with fixed addresses and the second one is a ADSL and also with fixed addresses.

They are from the the same ISP so the DNS is and the the IP, gateway are different.

I have put the information in the loadbalance pool as a Gateway and the I put as gateway on the LAN - HTTP rule the gateway to Balance (just the name). I restart and both gateways of the static connection are not pingable anymore so no loadbalance pool.

hoba

You mix up routing somewhere. You entered the gateway-adresses of the WANs in the pool, not the interfaceadresses, right?

msatter

:) I have put the IP addresses (WAN and OPT1) in the IP field and the the gateway addresses in the Monitor IP field.

I thought this was the correct way…..

IP address: XXX.168.56.50 and XXX.241.60.186
Gateway: XXX.168.56.49 and XXX.241.60.185

hoba

So I guess it'S working now? ;D

msatter

No, it does not. :-\

I only replied to your posting and wrote down how I filled the field of the Loadbalancing form. I know the dat is filled in correct however one or both Wan's won't start and the firewall wil crash soon after.

hoba

I'm sure you send your routing to hell. Unless you show us your config.xml or at least relevent parts of it we can't further help you.

sullrich

@msatter:

No, it does not. :-
I only replied to your posting and wrote down how I filled the field of the Loadbalancing form. I know the dat is filled in correct however one or both Wan's won't start and the firewall wil crash soon after.

I doubt the info you filled in is correct, otherwise it would work. Seriously, this works and has been tested by many people already.

msatter

I will edit this post every time I have done a step in the setup so I don't loose any screens or logs:

Ping output:

PING XX.168.56.49 (XX.168.56.49) from XX.168.56.50: 56 data bytes
64 bytes from XX.168.56.49: icmp_seq=0 ttl=255 time=0.292 ms
64 bytes from XX.168.56.49: icmp_seq=1 ttl=255 time=0.231 ms
64 bytes from XX.168.56.49: icmp_seq=2 ttl=255 time=0.250 ms

–- XX.168.56.49 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.231/0.258/0.292/0.025 ms

Ping output:

PING XXX.241.60.185 (XXX.241.60.185) from XXX.241.60.186: 56 data bytes
64 bytes from XXX.241.60.185: icmp_seq=0 ttl=255 time=4.505 ms
64 bytes from XXX.241.60.185: icmp_seq=1 ttl=255 time=21.487 ms
64 bytes from XXX.241.60.185: icmp_seq=2 ttl=255 time=2.103 ms

--- 195.241.60.185 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.103/9.365/21.487/8.627 ms

Status log loadbalancing and both are down so I will restart the machine:

Jul 7 13:01:44 slbd[13492]: Switching to sitedown for VIP 127.0.0.1:666
Jul 7 13:01:44 slbd[13492]: ICMP poll failed for XXX.241.60.185, marking service DOWN
Jul 7 13:01:43 slbd[13492]: ICMP poll failed for XX.168.56.49, marking service DOWN
Jul 7 13:01:42 slbd[13492]: VIP 127.0.0.1:666 added real service XXX.241.60.185:666
Jul 7 13:01:42 slbd[13492]: VIP 127.0.0.1:666 added real service XX.168.56.49:666
Jul 7 13:01:42 slbd[13492]: VIP 127.0.0.1:666 sitedown at 127.0.0.1:666
Jul 7 13:01:42 slbd[13492]: VIP 127.0.0.1:666 configured as "127.0.0.1"
Jul 7 13:01:42 slbd[13492]: Using configuration file /var/etc/slbd.conf
Jul 7 13:01:42 slbd[13492]: Using r_refresh of 5000 milliseconds

I have now restarted and because the WAN and OPT1 are death I have switched my client to a different gateway to be able to post the rest.

Status log loadbalancing and both the WAN and OPT1 are still death

Jul 7 13:17:44 slbd[296]: Switching to sitedown for VIP 127.0.0.1:666
Jul 7 13:17:44 slbd[296]: ICMP poll failed for XXX.241.60.185, marking service DOWN
Jul 7 13:17:43 slbd[296]: ICMP poll failed for XX.168.56.49, marking service DOWN
Jul 7 13:17:42 slbd[296]: VIP 127.0.0.1:666 added real service 195.241.60.185:666
Jul 7 13:17:42 slbd[296]: VIP 127.0.0.1:666 added real service 82.168.56.49:666
Jul 7 13:17:42 slbd[296]: VIP 127.0.0.1:666 sitedown at 127.0.0.1:666
Jul 7 13:17:42 slbd[296]: VIP 127.0.0.1:666 configured as "127.0.0.1"
Jul 7 13:17:42 slbd[296]: Using configuration file /var/etc/slbd.conf
Jul 7 13:17:42 slbd[296]: Using r_refresh of 5000 milliseconds

config.xml removed on 11 july 2006

msatter

Eehm also this posting went death so I asume I did everyting correct and my configuration is OK and loadbalancing pool won't work for me!?!?!?

Marcel

msatter

I just gave it an other go and after I rebooted the links were still down. So I went in to the interface menu and pushed the button SAVE to restart the links.

The links are now up and running and I ping them. I'm now going to test linkdown and I have to check how Round-Robin is going to work because I did only see traffic on the first link even with al multi-treath downloader.

Any advise is very welcome.

So the links are not comming up by them selves and have to restart the links manually to fill the loadbalance pool

Marcel

I disconneted the WAN and the OPT1 did not take over and so the pool did not work. One positive thing when I reconnected the WAN it went up and presto I got the Internet back.

Marcel

hoba

Do you actually use the pool as gateway in your firewallrules?

msatter

That is correct and I have more information en conducted some tests.

When I startup the computer and look at the consolle it will state on the line for the firewall starting the different rules however it also stat 4 times "bad adress: balancer"

balancer is the name of the load balance pool and that also occured when it was Load_balancer.

Secondly I can ping from ont het PFsense prompt to gateway and then the first point behind the gateway toe the first adress of "IP adress block" and on the other I can only ping the gateway and external adresses. I don't get that.

I hope this information helps to find the problem why the load balance pool will not activate automaticly and why the backup won't work and that round-robin won't work?

Marcel

@hoba:

Do you actually use the pool as gateway in your firewallrules?

hoba

I might have a quick look at your setup if you catch me at IRC (freenode, ##pfsense). You really must be having set up something wrong.

msatter

Thanks Hoba,

I have send you by mail the config.xml and I will try a factory reset and only configure lan,want,opt and loadbalance pool and no rules….yet.

Marcel

@hoba:

I might have a quick look at your setup if you catch me at IRC (freenode, ##pfsense). You really must be having set up something wrong.

hoba

Disable advanced outbound NAT or add an outbound NAT rule for your SDSL interface
For the pool you have to use the GATEWAY IPs, not the interface IPs (in your case you can use the same gateway IP and monitor IP; for WAN it's 195.xx.xx.185, for SDSL it's 82.xx.xx.49)
Change your firewallrules at LAN to use either the default gatewy, the sdslgateway or the pool (depending how you want tu utilize your bandwidth)

Btw, I already have asked you several times if you really use the Gateway IPs and not the Interface IPs ::)
The way you have set it up you send your routing into a kind of loopback mode which leads to a crash and due to the missing outbound nat rule for SDSL Interface it was not working beyond the SDSL subnet.

msatter

Danke schön Huba!!! It works like a charm. I used a clean installation to test it so I will try tomorrow to use my original config file.

I will write more tomorrow when I have tested it with the old configuration that will adapt to the working situation.

5 Mbit that is a nice speed so surft over the Internet.

Vielen danke nochmals für die super Hilfe!! / A lot of thanks for the super help again!!

Marcel :)

hoba

Nice :D