Please, I have a question about load balancing



  • Thank you.
    Please, I have a question about load balancing. When I log in to cPanel, my account gets logged out and then asks me to log in again, because cPanel does not accept logins from two addresses.



  • It's generally advised to failover HTTPS traffic instead of balancing.



  • Thank you, but I want to use load balancing. Is it possible to add a rule to rectify this problem?



  • Yes, if you want to ignore advice, then you can try sticky connections:
    System=> Advanced=> Miscellaneous=> Use Sticky Connections

    To disable load balancing for certain destinations:

    • create a failover group (different tiers)
    • create an alias with the hosts you DON'T want to load balance
    • create rule on the top of LAN rules with these settings: PASS/proto:any/src=lan-subnet/dst:your_alias/gateway=failover_group


  • Thank you, it works 100/100.



  • I want to give a report on pfSense and I need pictures of this configuration:
    to disable loadbalancing for certain destinations:

    • create a failover group (different tiers)
    • create an alias with the hosts you DON'T want to loadbalance
    • create rule on the top of LAN rules with these settings: PASS/proto:any/src=lan-subnet/dst:your_alias/gateway=failover_group

    Please help me.


  • @heper:

    It's generally advised to failover HTTPS traffic instead of balancing

    Why?

    I'm using load-balancing mainly for HTTP/HTTPS without any issue (so far).
    As access is done from a Squid proxy (obviously not running on pfSense but from the LAN), it just works.

    What matters here is to enable "Use sticky connections" in the advanced/miscellaneous menu ;)

    Load-balancing is not perfect, but it allows almost 20 Mb/s bandwidth when load is balanced between 2 ADSL lines at 10 Mb/s each. Not so bad 8)


  • Rebel Alliance Developer Netgate

    @chris4916:

    @heper:

    It's generally advised to failover HTTPS traffic instead of balancing

    Why?

    Sites such as banks that check the source IP address for HTTPS sessions will drop you or block you if you log in from one IP address and then connect from another. Because browsers tend to create multiple connections, each of these could be using a different WAN when using load balancing.

    The only ways to ensure the traffic keeps the same IP address are:
    1. Do failover for all HTTPS (or at least the sites in question)
    2. Activate sticky, which creates a USER-to-GATEWAY pairing so all of a particular user's traffic will leave via one WAN. Users will be balanced, but not their individual connections. This can help in some ways (like with HTTPS) but hurt in others (one user can saturate one WAN, rather than balancing).
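
The behaviour described in the post above, as an added example that is not part of the thread or of pfSense itself: a simplified Python model comparing per-connection round-robin with a sticky user-to-gateway pairing, against a site that pins each session to the first source IP it sees. The addresses, the connection count and the `simulate` helper are constructed assumptions for illustration.

```python
from itertools import cycle

# Constructed sample values (documentation address ranges), not from the thread.
WANS = ["198.51.100.10", "203.0.113.20"]      # public source IP of each WAN
USERS = ["192.168.1.11", "192.168.1.12", "192.168.1.13", "192.168.1.14"]
CONNS_PER_USER = 6                             # parallel connections per browser


def simulate(users, sticky):
    """Return (rejected, load): connections the site refuses, and per-WAN counts."""
    rr = cycle(WANS)                 # simplified round-robin gateway selection
    pairing = {}                     # sticky table: LAN user -> WAN
    bound = {}                       # site side: session -> first source IP seen
    load = {wan: 0 for wan in WANS}
    rejected = 0
    for user in users:
        for _ in range(CONNS_PER_USER):
            if sticky:
                if user not in pairing:
                    pairing[user] = next(rr)
                wan = pairing[user]
            else:
                wan = next(rr)
            load[wan] += 1
            # The site pins the session to the first source IP and refuses others.
            if bound.setdefault(user, wan) != wan:
                rejected += 1
    return rejected, load


if __name__ == "__main__":
    for label, users in (("4 users", USERS), ("1 user", USERS[:1])):
        for sticky in (False, True):
            rejected, load = simulate(users, sticky)
            print(f"{label:8} sticky={sticky!s:5} rejected={rejected:2} load={load}")
```

With four users, sticky removes the rejected connections while both WANs stay evenly loaded; with a single user, sticky puts every connection on one WAN, which is the saturation trade-off noted in the post.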



  • Indeed, sites requiring multiple sessions may fail.

    @jimp:

    1. Do failover for all HTTPS (or at least the sites in question)

    Which would mean maintaining aliases based on FQDN and setting FW rules for these aliases?

    2. Activate sticky, which creates a USER-to-GATEWAY pairing so all of a particular user's traffic will leave via one WAN. Users will be balanced, but not their individual connections. This can help in some ways (like with HTTPS) but hurt in others (one user can saturate one WAN, rather than balancing).

    This doesn't work if using a proxy, does it?


  • Rebel Alliance Developer Netgate

    @chris4916:

    Which would mean maintaining aliases based on FQDN and setting FW rules for these aliases?

    Depends on the site. Some sites are too complicated to match that way. See many other threads on the topic.

    @chris4916:

    This doesn't work if using a proxy, does it?

    Load balancing doesn't work at all when using a proxy on the firewall, so it's a moot point.



  • @jimp:

    Load balancing doesn't work at all when using a proxy on the firewall, so it's a moot point.

    This is crystal clear (to me) and pretty obvious.
    I did not mean "with proxy on pfSense" ;)

