Server Load Balancing

Two types of load balancing functionality are available in pfSense® software: Gateway and Server. Gateway load balancing enables distribution of Internet-bound traffic over multiple WAN connections. For more information on this type of load balancing, see Multiple WAN Connections. Server load balancing manages incoming traffic so it utilizes multiple internal servers for load distribution and redundancy, and is the subject of this chapter.

Server load balancing allows traffic to be distributed between multiple internal servers. It is most commonly used with web servers and SMTP servers though it can be used for any TCP service or for DNS.

While pfSense has replaced high-end, high-cost commercial load balancers including BigIP, Cisco LocalDirector, and more in serious production environments, pfSense is not nearly as powerful and flexible as enterprise-grade commercial load balancing solutions. It is not suitable for deployments that require extremely flexible monitoring and balancing configurations. For large or complex deployments, a more powerful solution is usually called for. However, the functionality available in pfSense suits countless sites very well for basic needs.

Full-featured load balancer packages are available for pfSense, such as HAProxy and Varnish, but the built-in load balancer based on relayd from OpenBSD does a great job for many deployments. Monitors in relayd can check for proper HTTP response codes, check specific URLs, perform an ICMP or TCP port check, and even send a specific string and expect a specific response.

TCP services in the pfSense Load Balancer are handled in a redirect manner, meaning they work like intelligent port forwards and not like a proxy. The source address of the client is preserved when the connection is passed to internal servers, and firewall rules must allow traffic to the actual internal address of pool servers. When relayd is configured to handle DNS, however, it works like a proxy, accepting connections and creating new connections to internal servers.

Servers in Load Balancing pools are always utilized in a round-robin manner. For more advanced balancing techniques such as source hashing, try a reverse proxy package such as HAProxy instead.
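The following added example (a toy model written for this page, not pfSense or relayd code) shows why redirect mode needs pass rules for the pool servers' internal addresses, what source address each mode presents to the backend, and how round-robin selection proceeds. All addresses are constructed samples and the `Balancer`, `Conn` and `unreachable_members` names are hypothetical. The model assumes that in proxy mode the rule matches the virtual address and the backend sees the firewall's own address.

```python
from dataclasses import dataclass
from itertools import cycle

# Constructed sample addresses (documentation and private ranges).
VIP = "198.51.100.10"               # virtual server address clients connect to
POOL = ["10.0.0.11", "10.0.0.12"]   # internal pool servers
FIREWALL_LAN = "10.0.0.1"           # firewall's own address facing the pool

@dataclass(frozen=True)
class Conn:
    src: str
    dst: str
    port: int

class Balancer:
    """Toy model of the redirect (TCP) and proxy (DNS) behaviours."""

    def __init__(self, pool, allow_rules):
        self._next = cycle(pool)     # pool members are used round-robin
        self.allow = allow_rules     # set of (destination, port) pass rules

    def redirect(self, c):
        """TCP: the destination is rewritten, then rules see the real server."""
        seen = Conn(c.src, next(self._next), c.port)  # client source preserved
        return seen if (seen.dst, seen.port) in self.allow else None

    def proxy(self, c):
        """DNS: the firewall accepts the connection and opens a new one."""
        if (c.dst, c.port) not in self.allow:  # assumption: rule matches the VIP
            return None
        # Assumption: the backend sees the firewall as the source.
        return Conn(FIREWALL_LAN, next(self._next), c.port)

def unreachable_members(pool, allow_rules, port):
    """Pool servers that redirect-mode traffic cannot reach under these rules."""
    return [s for s in pool if (s, port) not in allow_rules]

if __name__ == "__main__":
    client = Conn("203.0.113.5", VIP, 443)
    print(Balancer(POOL, {(VIP, 443)}).redirect(client))        # blocked
    lb = Balancer(POOL, {(s, 443) for s in POOL})
    print([lb.redirect(client).dst for _ in range(3)])          # alternates
    print(unreachable_members(POOL, {("10.0.0.11", 443)}, 443))  # rule gap
```

A pool member returned by `unreachable_members` would receive its share of round-robin connections and drop them, so the rule set is worth checking against every pool server, not just the first.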

See also

For additional information, you may access the Hangouts Archive to view the January 2015 Hangout on Server Load Balancing and Failover.