Hi,
I have two internet connections connected to my firewall now.
Both are from the same ISPs with IP addresses "IP1" and "IP2"
Both have the same gateway "GWIP"
ext_if = "IP1"
ext_if2 = "IP2"
Now, to load balance squid, what I am doing is to tag half of the
packets coming to squid using the rules
===================================================================
pass in on $int_if inet proto tcp from $int_if:network to any port 8080 \
    keep state tag squid probability 50% label squid
pass in quick on $int_if inet proto tcp from $int_if:network to any \
    port { 21, 8080 } keep state
pass in on $int_if route-to { ($ext_if $gateway), ($ext_if2 $gateway) } round-robin \
    from $int_if:network to any keep state
===================================================================
This gets half of the traffic that comes to squid tagged and labeled as 'squid'.
Then I have the following NAT rule for the $ext_if, which is the
default route, to NAT the tagged packets (i.e. half of the squid traffic)
to "IP2" on $ext_if2
=================================================
nat on $ext_if from $int_if:network to any tagged squid -> ($ext_if2)
nat on $ext_if from $int_if:network to any -> ($ext_if)
nat on $ext_if2 from $int_if:network to any -> ($ext_if2)
=================================================
and finally for the filter rules to route the tagged packets through
the second interface.
==============================================================
pass out quick on $ext_if route-to ( $ext_if2 $gateway ) inet proto tcp \
    all modulate state flags S/SA tagged squid
pass out on $ext_if route-to ( $ext_if $gateway ) proto tcp \
    all modulate state flags S/SA
pass out on $ext_if2 route-to ( $ext_if2 $gateway ) proto tcp \
    all modulate state flags S/SA
pass out on $ext_if route-to ( $ext_if $gateway ) proto { udp, icmp } \
    all keep state
pass out on $ext_if2 route-to ( $ext_if2 $gateway ) proto { udp, icmp } \
    all keep state
===============================================================
I derived this idea from
http://osdir.com/ml/openbsd.pf/2005-02/msg00124.html
after searching the archives.
Just wondering if there is a better way to do it :-)
Thank you so much especially Danny for the post :-)))))))
Kind Regards
Siju
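For readers who want to try the scheme described in this post end to end, here is a complete pf.conf skeleton that wires the three rule groups together. This is an added example, not the poster's file or anything from the referenced thread; the interface names, the LAN interface and the gateway address are constructed placeholders (IP1 and IP2 are whatever the ISP assigned), and the syntax is the OpenBSD 3.x-era form used in the post (nat on, route-to, tagged, probability).

```pf
# Added example: two uplinks to the same ISP gateway, with half of the
# proxy (port 8080) connections tagged and pushed out the second link.
# All names and addresses below are placeholders, not taken from the post.
ext_if  = "fxp0"        # uplink carrying IP1 (hypothetical interface name)
ext_if2 = "fxp1"        # uplink carrying IP2 (hypothetical interface name)
int_if  = "fxp2"        # LAN side (hypothetical interface name)
gateway = "192.0.2.1"   # GWIP: the next hop shared by both uplinks (documentation address)

# Translation. Tagged squid traffic that the routing table sent towards the
# default uplink gets IP2 as its source; the quick out rule further down then
# steers it onto $ext_if2, so replies come back on the link that owns IP2.
# Because NAT rewrites the source address, the outgoing packet no longer
# matches the state created on $int_if, which is why the out rules (and
# their route-to) are evaluated at all.
nat on $ext_if  from $int_if:network to any tagged squid -> ($ext_if2)
nat on $ext_if  from $int_if:network to any -> ($ext_if)
nat on $ext_if2 from $int_if:network to any -> ($ext_if2)

# Default deny inbound; everything below opens traffic explicitly.
block in log all

# Tag half of the proxy connections. The tag is sticky: the quick rule that
# follows becomes the last match and passes the packet, but does not remove
# the tag, and the tag is carried along in the state entry.
pass in on $int_if inet proto tcp from $int_if:network to any port 8080 \
    keep state tag squid probability 50% label squid
pass in quick on $int_if inet proto tcp from $int_if:network to any \
    port { 21, 8080 } keep state

# Everything else from the LAN is spread across both uplinks.
pass in on $int_if route-to { ($ext_if $gateway), ($ext_if2 $gateway) } round-robin \
    from $int_if:network to any keep state

# Outbound: tagged connections are forced onto the second uplink; the rest
# leaves on the interface it was routed to, with the matching gateway.
pass out quick on $ext_if route-to ( $ext_if2 $gateway ) inet proto tcp \
    all modulate state flags S/SA tagged squid
pass out on $ext_if route-to ( $ext_if $gateway ) inet proto tcp \
    all modulate state flags S/SA
pass out on $ext_if2 route-to ( $ext_if2 $gateway ) inet proto tcp \
    all modulate state flags S/SA
pass out on $ext_if route-to ( $ext_if $gateway ) inet proto { udp, icmp } \
    all keep state
pass out on $ext_if2 route-to ( $ext_if2 $gateway ) inet proto { udp, icmp } \
    all keep state
```

Before loading it, `pfctl -nf /etc/pf.conf` parses the file without activating it, which catches the line-continuation and macro mistakes that are easy to make in a file like this. After loading, `pfctl -s labels` shows the packet and byte counters attached to the `squid` label, so you can confirm that roughly half of the proxy connections are taking the tagged path, and `pfctl -s state` lists the states on each uplink so you can see that tagged connections carry IP2 as their source.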