Topic: incoming load balancing for http, pop3 & imap

df
« on: May 02, 2006, 07:34:51 am »
Hello everyone.

I'd like a little advice regarding the incoming load balancing feature of pfsense:

I'm running apache2+SSL on several servers that all use the same nfsd box to get their data.

At the moment, I'm using DNS round robin (thanks to tinydns) to pseudo-distribute the load between each of the www servers.
The biggest problem was to take care of PHP sessions, which I managed to do using the pureftpd team's sharedance application, which basically consists of a daemon app centralising all sessions, and a script to append to each php.ini of the www servers that will make them store the sessions via TCP connection to the centralised PHP session daemon app.

1) I've been lurking for quite some time on the incoming lb and was wondering if it ensures that a client IP address will always be forwarded to the same balanced server.
I've seen a post in this 'Catch All' forum regarding RDP, and if I understood correctly, pfsense should be able to make sure each IP is always forwarded to the same www server in the given pool. (?)

2) If it actually does, how would it behave in a CARP scenario with two pfsense machines?
Like, I would think I could DNS round robin www.domain.ext to the pfsense1 & pfsense2 boxes (both CARP'ed together), and each of these pfsenseX boxes would contain the same load balancing pools to my www servers...
But if a client IP connects to pfsense1, and is redirected, let's say, to www6... If the same client IP waits a little and then connects to pfsense2, would it still be redirected to www6?
In other words, would CARP synchronise incoming lb states as well?

3) Another thing: if I understand this correctly, incoming lb is made to work if pfsense NATs the servers of the incoming lb pool...
Could I achieve the same if pfsense is set up in bridged filtering mode? (Which could let me keep public IPs for each of my www servers...)
But would bridging mode still let me use the CARP feature (assuming my ISP provides two uplinks, and my main switch supports port trunking)?

4) Finally, as my topic suggested, I'm also atm using DNS round robin to divide load between a set of pop3 & imap servers.
Could incoming lb work as well for these protocols? Or would it be only http(s) compliant at this time...?

Thanks to whoever will be answering this post.

And long live the pfsense team!