Sylwester S. Biernacki wrote:
> On Friday, October 27, 2006, at 12:23:24, Pete Vickers wrote:
>> Hi Berk,
>> I'm really interested in this. I have a load of legacy tcp session
>> based load balancing which I'd love to migrate to an OpenBSD/pf based
>> solution. Do you have a patch which applies cleanly to 4.0?
>
> afair this patch is applied in -current tree and we are using it for a
> few weeks now and works pretty well.
> We are rdring all traffic between 3 servers in farm: 10.0.0.13,14,15
> so we are using -k 0.0.0.0/0 :-)

If you're not using sticky addresses, you don't need the patch.
If you're using them, you should use the patch and kill the lingering
src-track entries with pfctl option '-K' (capital K)
i.e:
removeweb() (
    # $1 = table name, $2 = backend address
    # Remove from backend pool
    pfctl -t "$1" -Td "$2"
    # Kill states destined to it
    pfctl -k 0.0.0.0/0 -k "$2"
    # Kill sticky src-track entries destined to it
    pfctl -K 0.0.0.0/0 -K "$2"
)
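
The same three-step removal with its arguments checked before they reach pfctl, as an added example that is not part of the original post or the patch. The PFCTL override variable and the allowed table-name character set are assumptions made for this sketch; set PFCTL="echo pfctl" to preview the commands without touching the running ruleset.

```shell
#!/bin/sh
# Added example, not code from the thread.
# PFCTL is an assumed override: PFCTL="echo pfctl" prints the commands only.
: "${PFCTL:=pfctl}"

# Accept only a dotted-quad IPv4 host address (four octets, each 0-255).
# Rejects empty strings, CIDR forms such as 0.0.0.0/0, and anything that
# starts with '-' and would otherwise be parsed by pfctl as an option.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Conservative table-name check (assumption: letters, digits, underscore).
valid_table() {
    case $1 in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
    esac
}

# $1 = table name, $2 = backend address
removeweb() {
    valid_table "$1" || { echo "removeweb: bad table name" >&2; return 2; }
    valid_ipv4 "$2"  || { echo "removeweb: bad backend address" >&2; return 2; }
    # Remove from backend pool; stop here if that fails, since killing
    # states for a backend still in the pool gains nothing.
    $PFCTL -t "$1" -Td "$2" || return 1
    # Kill states destined to it
    $PFCTL -k 0.0.0.0/0 -k "$2"
    # Kill sticky src-track entries destined to it (needs the -K patch)
    $PFCTL -K 0.0.0.0/0 -K "$2"
}
```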