Firewall Wizards mailing list archives
FW-1 load balancing is unbalanced
From: Neil Ratzlaff <Neil.Ratzlaff () ucop edu>
Date: Mon, 03 Nov 1997 14:42:04 -0800
I am trying to use FireWall-1 (solaris 2.5.1 on Sparc20, running FW 3.0b) for load balancing a group of https web servers (type = Other, method = Round Robin). The certificate is for a virtual machine on the same subnet as the servers. I started with 2 servers and things worked well. I added a third server to the server group, and this server began to get the majority of hits. When the third server is not in the group but still available directly on the WWW, it gets almost no hits. This is very reproducible, as I can move the server in and out of the group and see the same responses every time. There are two types of hits: a cgi script which is a major CPU load and some graphics. The third server grabs almost all the CGI hits, leaving the other two servers to deal with the graphics. Yes, I have tried reinstalling the policy. I have run snoop on the external interface, and see nothing coming in directed to the third server. All inbound packets are coming to the virtual server. A.B.C.4 and A.B.C.11 are the first two addresses, and A.B.C.1 is the third. I am beginning to wonder if FW-1 thinks that X.Y.Z.1 is a special address for load balancing. Something appears to be weighting FW-1 load balancing in favor of that machine, but I have no clue as to what it might be. I am almost desparate enough to change the IP address of the third machine, just to see if it helps. Does anyone have load balancing working? Does anyone have any suggestions for me? Thanks for any help, Neil
Current thread:
- FW-1 load balancing is unbalanced Neil Ratzlaff (Nov 03)
- Re: FW-1 load balancing is unbalanced Chad Schieken (Nov 04)