Incoming load balancing for http, pop3 & imap



  • incoming load balancing for http, pop3 & imap
    « on: May 02, 2006, 08:34:51 am »

    Hello everyone.

    I'ld like a little advice regarding the incoming load balancing feature of pfsense:

    I'm running apache2+SSL on several servers that all use the same nfsd box to get their datas.

    At the moment, i'm using dns round robin (thanks to tinydns) to pseudo distribute the load between each www servers.
    The biggest problem was to take care of php sessions, which i managed to do using pureftpd's team sharedance application, which basicaly consists of a daemon app centralising all sessions, and a script to append to each php.ini of the www servers that will make them store the sessions via tcp connection to the centralised php session daemon app.

    1. I've been lurking for quite some time on the incoming lb and was wondering if it was ensuring that a client IP adress will always be forwarded to the same balanced server.
      I've seen a post in this 'Catch All' forum regarding RDP, and if i understood correctly, pfsense should be abble to make sure each IP is always forwarded to the same www server in the given pool. (?)

    2. If it actually does, how would it behave in a CARP scenario with two pfsense machines ?
      Like, i would think i could dns round robin www.domain.ext to pfsense1 & pfsense2 box (both CARP'ed together), each of these pfsenseX would contain the same load balancing pools to my www servers ..
      But if a client IP connects to pfsense1, and is redirected let's say to www6 .. If the same client IP waits a little and than connects to pfsense2, would it still be redirected to www6 ?
      In other words, would CARP synchronise incoming lb states aswell ?

    3. Another thing, if i understand this correctly, incoming lb is made to work if pfsense NATs the servers of the incoming lb pool..
      Could i achieve the same if pfsense is setup in bridged filtering mode ? (Which could let me keep public ip's for each of my www servers ..)
      But would bridging mode still let me use CARP feature (assuming my ISP provides two uplinks, and my main switch supports port trunking) ?

    4. Finaly, as my topic suggested, i'm also atm using dns round robin to divide load between a set of pop3 & imap servers.
      Could incoming lb work aswell for these protocols ? or would it be only http(s) compliant at this time ..?

    Thanks to whoever will be answering this post

    And long live to the pfsense team !



  • The load balancing mechanism changes between 1.2.3 and 2.0 and since I have only used inbound load balancing in 1.2.3, I will restrict my answers to that.

    There is not a way within the load balancer to isolate specific connections to a specific server, connections are load balanced using a simple red robin setup.  The better way to solve this problem is to ensure that all your web servers are sharing their session state information.  There are a number of solutions for doing this which are off-the-shelf and fairly easy to configure depending on your needs.  I recommend spending some quality time with google to find the solution that best fits your needs.

    The load balancer will only work in a NAT'd solution.  You cannot use the load balancer in a bridged configuration.


Log in to reply