Simplest Load Balance + Failover Configuration for Alix.2D3



  • I was setting up an Alix.2D3 for a friend to load balance two DHCP Internet WAN connections (DSL+Cable), two private ip's are handed out to pfSense, 192.168.1.64 (DSL) and 192.168.12.149 (Cable Router), 192.168.0.1 is the DSL modem and 192.168.12.1 is the Cable modem Router Combo and he wanted it to be kept as simple as possible, so I only setup a Load Balance pool and two Firewall: Rules.  I'm wondering if this VERY simple configuration is OK.  It seem to work.  On the other hand, my home pfSense configuration is a total mess.






  • Looks fine. The 4th rule isn't doing anything as it'll never be matched. May want to add a rule above the third rule to use a failover pool for HTTPS, such sites tend to be unhappy with changing IPs between requests.



  • @cmb:

    Looks fine. The 4th rule isn't doing anything as it'll never be matched. May want to add a rule above the third rule to use a failover pool for HTTPS, such sites tend to be unhappy with changing IPs between requests.

    Isn't this what the sticky bit is for?



  • Yes, it is, but based on my experience….

    If You are working on some site for some time and e.g. reading lots of text and after that you want to go on other part of this site, than sticky thinks "it is new session" and it will use other output GW (session was timed out from sticky point of view). That is a problem, specialy if You are logged on that site (it will disconnect your accout) because You connect here again with different IP address (You are going from other IP or ISP respectively).
    Specialy it is problem for forums communication... after deeper reading of interesting items.... I have to login again and again....again. Or like now when I try to write this item (it is lots of time consuming for me and specialy for my english...) my session is closed or sticky connection can realocate it to other output GW and website says You are not connected now (other IP is used for sendoing this item)

    DuroM

    I hope it is true but it looks like this for me....


Log in to reply