next »

[msatter]

Hi,

I have two ISP so two wan's and wanted to loadbanlance them with RC1 however I can ping both gateway's before I loadbalance. However when I activate loadblance and restart the gateway are not found so the loadbalance is not activated.

To activate the loadbalance I have to make the check IP the same as the PFsense IP however I don't get why my gateways are not pingable any more.

I have tried different approaches and different manuals for this however with no luck.

Then I have a problem with the stability of PFsense with loadbalance because it locks up the machine and only a hardreset will help. Because the filesystem might be damaged I had to reinstall PFsense a few times.

Marce

pfsense# ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=b<RXCSUM,TXCSUM,VLAN_MTU>
        inet 192.168.1.30 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 fe80::20c:76ff:fead:8e17%em0 prefixlen 64 scopeid 0x1
        ether 00:0c:76:ad:8e:17
        media: Ethernet autoselect (1000baseTX <full-duplex>)
        status: active
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet XX.168.56.50 netmask 0xfffffff8 broadcast XX.168.56.55
        inet6 fe80::2d0:b7ff:fe8f:7cf6%fxp0 prefixlen 64 scopeid 0x2
        ether 00:d0:b7:8f:7c:f6
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=b<RXCSUM,TXCSUM,VLAN_MTU>
        inet6 fe80::20c:76ff:fead:8e16%em1 prefixlen 64 scopeid 0x3
        inet XXX.241.60.186 netmask 0xfffffff8 broadcast XXX.241.60.191
        ether 00:0c:76:ad:8e:16
        media: Ethernet autoselect (10baseT/UTP <half-duplex>)
        status: active
pfsync0: flags=41<UP,RUNNING> mtu 2020
        pfsync: syncdev: lo0 maxupd: 128
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
pflog0: flags=100<PROMISC> mtu 33208
l

[hoba]

Sounds like a piloterror to me. I know several people using loadbalancing without issues (including me in a production environment). Let us know the types of WANs you use and how you have set up the loadbalancing pool.

[rexster]

same problem here.

[msatter]

I have two wans and the first one is a SDSL 2048/2048 with fixed addresses and the second one is a ADSL and also with fixed addresses.

They are from the the same ISP so the DNS is and the the IP, gateway are different.

I have put the information in the loadbalance pool as a Gateway and the I put as gateway on the LAN - HTTP rule the gateway to Balance (just the name). I restart and both gateways of the static connection are not pingable anymore so no loadbalance pool.

[hoba]

You mix up routing somewhere. You entered the gateway-adresses of the WANs in the pool, not the interfaceadresses, right?

[msatter]

  I have put the IP addresses (WAN and OPT1) in the IP field and the the gateway addresses in the Monitor IP field.

I thought this was the correct way.....

IP address: XXX.168.56.50 and XXX.241.60.186
Gateway: XXX.168.56.49 and XXX.241.60.185

[hoba]

So I guess it'S working now? 

[msatter]

No, it does not. 

I only replied to your posting and wrote down how I filled the field of the Loadbalancing form. I know the dat is filled in correct however one or both Wan's won't start and the firewall wil crash soon after.

[hoba]

I'm sure you send your routing to hell. Unless you show us your config.xml or at least relevent parts of it we can't further help you.

[sullrich]

No, it does not. 
I only replied to your posting and wrote down how I filled the field of the Loadbalancing form. I know the dat is filled in correct however one or both Wan's won't start and the firewall wil crash soon after.

I doubt the info you filled in is correct, otherwise it would work.  Seriously, this works and has been tested by many people already.

[msatter]

I will edit this post every time I have done a step in the setup so I don't loose any screens or logs:

Ping output:

PING XX.168.56.49 (XX.168.56.49) from XX.168.56.50: 56 data bytes
64 bytes from XX.168.56.49: icmp_seq=0 ttl=255 time=0.292 ms
64 bytes from XX.168.56.49: icmp_seq=1 ttl=255 time=0.231 ms
64 bytes from XX.168.56.49: icmp_seq=2 ttl=255 time=0.250 ms

--- XX.168.56.49 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.231/0.258/0.292/0.025 ms

Ping output:

PING XXX.241.60.185 (XXX.241.60.185) from XXX.241.60.186: 56 data bytes
64 bytes from XXX.241.60.185: icmp_seq=0 ttl=255 time=4.505 ms
64 bytes from XXX.241.60.185: icmp_seq=1 ttl=255 time=21.487 ms
64 bytes from XXX.241.60.185: icmp_seq=2 ttl=255 time=2.103 ms

--- 195.241.60.185 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.103/9.365/21.487/8.627 ms

Status log loadbalancing and both are down so I will restart the machine:

Jul 7 13:01:44    slbd[13492]: Switching to sitedown for VIP 127.0.0.1:666
Jul 7 13:01:44    slbd[13492]: ICMP poll failed for XXX.241.60.185, marking service DOWN
Jul 7 13:01:43    slbd[13492]: ICMP poll failed for XX.168.56.49, marking service DOWN
Jul 7 13:01:42    slbd[13492]: VIP 127.0.0.1:666 added real service XXX.241.60.185:666
Jul 7 13:01:42    slbd[13492]: VIP 127.0.0.1:666 added real service XX.168.56.49:666
Jul 7 13:01:42    slbd[13492]: VIP 127.0.0.1:666 sitedown at 127.0.0.1:666
Jul 7 13:01:42    slbd[13492]: VIP 127.0.0.1:666 configured as "127.0.0.1"
Jul 7 13:01:42    slbd[13492]: Using configuration file /var/etc/slbd.conf
Jul 7 13:01:42    slbd[13492]: Using r_refresh of 5000 milliseconds

I have now restarted and because the WAN and OPT1 are death I have switched my client to a different gateway to be able to post the rest.

Status log loadbalancing and both the WAN and OPT1 are still death

Jul 7 13:17:44    slbd[296]: Switching to sitedown for VIP 127.0.0.1:666
Jul 7 13:17:44    slbd[296]: ICMP poll failed for XXX.241.60.185, marking service DOWN
Jul 7 13:17:43    slbd[296]: ICMP poll failed for XX.168.56.49, marking service DOWN
Jul 7 13:17:42    slbd[296]: VIP 127.0.0.1:666 added real service 195.241.60.185:666
Jul 7 13:17:42    slbd[296]: VIP 127.0.0.1:666 added real service 82.168.56.49:666
Jul 7 13:17:42    slbd[296]: VIP 127.0.0.1:666 sitedown at 127.0.0.1:666
Jul 7 13:17:42    slbd[296]: VIP 127.0.0.1:666 configured as "127.0.0.1"
Jul 7 13:17:42    slbd[296]: Using configuration file /var/etc/slbd.conf
Jul 7 13:17:42    slbd[296]: Using r_refresh of 5000 milliseconds

config.xml removed on 11 july 2006

[msatter]

Eehm also this posting went death so I asume I did everyting correct and my configuration is OK and loadbalancing pool won't work for me!?!?!?

Marcel

[msatter]

I just gave it an other go and after I rebooted the links were still down. So I went in to the interface menu and pushed the button SAVE to restart the links.

The links are now up and running and I ping them. I'm now going to test linkdown and I have to check how Round-Robin is going to work because I did only see traffic on the first link even with al multi-treath downloader.

Any advise is very welcome.

So the links are not comming up by them selves and have to restart the links manually to fill the loadbalance pool

Marcel

I disconneted the WAN and the OPT1 did not take over and so the pool did not work. One positive thing when I reconnected the WAN it went up and presto I got the Internet back.

Marcel

[hoba]

Do you actually use the pool as gateway in your firewallrules?

[msatter]

That is correct and I have more information en conducted some tests.

When I startup the computer and look at the consolle it will state on the line for the firewall starting the different rules however it also stat 4 times "bad adress: balancer"

balancer is the name of the load balance pool and that also occured when it was Load_balancer.

Secondly I can ping from ont het PFsense prompt to gateway and then the first point behind the gateway toe the first adress of "IP adress block" and on the other I can only ping the gateway and external adresses. I don't get that.

I hope this information helps to find the problem why the load balance pool will not activate automaticly and why the backup won't work and that round-robin won't work?

Marcel

Do you actually use the pool as gateway in your firewallrules?