Hello, I'm currently using 4 active-active OpenBSD 4.4 servers as a fully redundant firewall. CARP has been configured on the internal interfaces to expose the load-balanced IP address using ip-stealth on the four carpnodes.
Each OpenBSD server has a different external IP address and I've recently received reports of problems with some streaming video or SSL-enabled websites. For example, one user would visit a website to view a Flash or Silverlight video. The first 30 seconds of the video is an ad. Once the ad is completed, the real content is streamed. The problem comes from the fact that the user might go through server A initially but after the 30 secs is over, it'll fetch the rest (by reconnecting) through server B, which has of course a different external IP. That results (in this case) in the user seeing the ad over and over and never being able to stream the real video. Similar issues exist with some webmails out there that check the source IP address for session information (so users keep having to log back in).

Is there any solution to this problem using ip-stealth? (I cannot use arp-based balancing.)

Thanks,