Date: Sat, 31 Mar 2007 17:17:20 -0500
From: "Brian A. Seklecki" <bseklecki@collaborativefusion.com>
To: Ross Draper <ross@virtualgeek.net>
Cc: freebsd-cluster@freebsd.org
Subject: Re: Vrrp/CARP/UCarp Problems
Message-ID: <1175379440.7585.58.camel@ingress>
In-Reply-To: <48279.83.104.128.109.1174847030.squirrel@virtualgeek.net>
References: <48279.83.104.128.109.1174847030.squirrel@virtualgeek.net>

You could put an OpenBSD or FreeBSD box running pf(4) in "front" of your
web server cluster.

You set up your public IP anchor and a service-VIP for your web service
application.

Then you do a RDR nat into a pf(4) table.

You set the contents of the table based on a shell script that checks
the health of the system.

I suppose you could carp between the two RDR boxes; keep state tables
even too.

I.e., carp was never designed to move an HA L4 address between two
systems. Only to provide a HA L4 IP gateway.

Bob Beck did a great presentation on this at NYCBSDcon 06. Google it
and grab his slides.

~BAS

On Sun, 2007-03-25 at 19:23 +0100, Ross Draper wrote:
> Hi guys
>
> I was wondering if I could get some advice from those of you who have
> successfully implemented ip address failover systems such as carp and
> freevrrpd.
>
> I am trying to set up a high availability web loadbalancer using a pair of
> FreeBSD 6.2 boxes. I have tried a number of ways to perform failover but
> always seem to be hitting a problem.
>
> UCARP - Pro's: This would be my ideal solution as the startup/shutdown
> scripts enable me to stop and start my applications and add aliases to
> adaptors easily.
> Cons: When the backup box is rebooted it always comes up advertising
> itself as the master then after a few seconds reverts to backup, although I
> was under the impression it was supposed to wait and listen for
> advertisements (it doesn't seem to). Its initial gratuitous arp as a master
> is sufficient to poison any traffic from the local router to the shared ip
> address. Only solution was to use arp-sk to send gratuitous arps every few
> secs, however, arp-sk was a bit flakey and it was a bodge.
>
> CARP - Pro's: stable and built into the kernel. Could enable active/active
> arp load sharing at a later point.
> Cons: There is a FreeBSD bug (I've seen it discussed on the lists) where
> the creation and destroyal of a carp interface causes a kernel panic.
> Also, there is no support for start/stop scripts.
>
> Freevrrpd - Pros: Mac address changing removes some of the arp timeout
> issues/gratuitous arp problems and it supports start/stop scripts
> Cons: I'm finding that upon rebooting the backup unit it correctly starts
> as a backup, then three seconds later syslogs that it is the master and
> changes its mac address accordingly. Although a sniff of the network
> traffic indicates it is sending the right advertisements, it never goes
> into backup mode again.
>
> So, what am I doing wrong? Are these the experiences others have had or
> are there more suitable options? The loadbalancers are all single homed
> and I have tried a mixture of xl, bge and fxp cards.
>
> Also, any links to a perl based gratuitous arp utils would be great
>
> Any help/suggestions much appreciated.
>
> Ross
>
>
> _______________________________________________
> freebsd-cluster@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-cluster
> To unsubscribe, send any mail to "freebsd-cluster-unsubscribe@freebsd.org"
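
The health-checked pf(4) table described in the reply above, as an added example that is not part of the original message and not its author's code. The table name `webpool`, the backend addresses, the port-80 probe with nc(1) and the pf.conf fragment in the comments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: keep a pf(4) table in sync with backend health.
# Assumed pf.conf on the redirector (FreeBSD 6.x-era syntax; $ext_if, $vip
# and the table name "webpool" are placeholders, not from the thread):
#   table <webpool> persist
#   rdr on $ext_if proto tcp from any to $vip port 80 -> <webpool> round-robin

PFCTL="${PFCTL:-pfctl}"    # overridable so the logic can be exercised without pf
TABLE="${TABLE:-webpool}"  # hypothetical table name
BACKENDS="${BACKENDS:-192.0.2.11 192.0.2.12 192.0.2.13}"  # constructed sample addresses

# Default probe (an assumption): TCP connect to port 80, 2 second timeout.
check_backend() {
    nc -z -w 2 "$1" 80 >/dev/null 2>&1
}

# Print the backends that pass the probe, space separated.
healthy_backends() {
    alive=""
    for ip in $BACKENDS; do
        # Only digits and dots are accepted; hostnames or option-like
        # strings are skipped rather than handed to pfctl.
        case "$ip" in
            *[!0-9.]*) continue ;;
        esac
        if check_backend "$ip"; then
            alive="${alive:+$alive }$ip"
        fi
    done
    printf '%s' "$alive"
}

# Swap the table contents for the healthy set with a single pfctl call.
# If every probe fails the table is left alone: that is more likely a fault
# on the checker's side than all backends dying at once.
sync_table() {
    alive=$(healthy_backends)
    if [ -z "$alive" ]; then
        echo "no healthy backends; table <$TABLE> left unchanged" >&2
        return 1
    fi
    $PFCTL -t "$TABLE" -T replace $alive   # word splitting of $alive is intended
}

# Run from cron or a loop as: script --apply
if [ "${1:-}" = "--apply" ]; then
    sync_table
fi
```

Removing an address from the table only affects new connections; states already established to that backend remain until they expire or are killed.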