I have the following issue with this load balancing algorithm using an FW LB application redirection type setup.
The LB algorithm is based on hash (sticky sip) and filters; the hash uses sip on the ingress side and dip on the egress side (when the traffic returns from the internet).
sip1 --> lb ---> server1 ingress interface ---> server1 egress interface --> lb --internet
sip2 --> lb ---> server2 ingress interface ---> server2 egress interface --> lb --internet
The issue is that when the ingress server1 interface fails, the load balancer still sends the return traffic (which came from the egress server2 interface) back to the egress server1 interface because of the hash.
There is a workaround using RTS on egress side but this generates too much cpu load.
The new buddy feature works, but in one direction only, i.e. you can pair them as follows: if egress fails then its partner ingress fails, but you can't do it the other way, i.e. if ingress fails, fail the egress so the LB won't send traffic to it.
Could someone suggest a possible solution?
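
The failure described in the post can be reproduced with a small model; this is an added example, not part of the original post and not the load balancer's own logic. The hash (integer value of the address modulo the server count), the client address, and the `both_ways` pairing option are assumptions made for the model only.

```python
import ipaddress

SERVERS = ["server1", "server2"]  # the two servers from the post

def pick(ip, up):
    """Map an IP to a server; skip to the next one if the hashed choice is down.
    Constructed stand-in hash (integer value of the address), not the vendor's."""
    start = int(ipaddress.ip_address(ip)) % len(SERVERS)
    for i in range(len(SERVERS)):
        server = SERVERS[(start + i) % len(SERVERS)]
        if up[server]:
            return server
    return None

def apply_buddy(ingress_up, egress_up, both_ways):
    """One-way pairing as described in the post: egress down => ingress down.
    both_ways=True also fails egress when ingress fails (hypothetical, model only)."""
    ingress = {s: ingress_up[s] and egress_up[s] for s in SERVERS}
    egress = dict(egress_up)
    if both_ways:
        egress = {s: ingress_up[s] and egress_up[s] for s in SERVERS}
    return ingress, egress

def flow(client_ip, ingress_up, egress_up):
    """Forward path hashes sip on the ingress side; the return path hashes dip
    (the same client address) on the egress side."""
    return pick(client_ip, ingress_up), pick(client_ip, egress_up)

def simulate(client_ip, failed_ingress, both_ways):
    """Fail one server's ingress interface (or None) and return (forward, return) servers."""
    ingress_up = {s: s != failed_ingress for s in SERVERS}
    egress_up = {s: True for s in SERVERS}
    return flow(client_ip, *apply_buddy(ingress_up, egress_up, both_ways))

if __name__ == "__main__":
    client = "192.0.2.10"  # constructed address that hashes to server1
    for both_ways in (False, True):
        fwd, ret = simulate(client, "server1", both_ways)
        print(f"both_ways={both_ways}: forward via {fwd}, return via {ret}")
```

With one-way pairing the forward and return paths of the same client diverge after the ingress failure; they converge again only when the egress side also treats the partner interface as down.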