I must be missing something in my config, and I'd appreciate it if my
blunder could be pointed out to me.

I have two web servers behind a firewall (all machines are running
4.6-stable, generic kernel). The firewall has rdr & pass rules to both web servers, with one commented out at a time. I change it manually when I want to switch them. This same setup has been working fine since 4.4. Generally, pf routes web traffic to the primary web server (192.168.0.9) but sometimes I use its twin at 192.168.0.19.

Today I decided to try using carp to *not* load balance, but use the
primary and have the secondary kick in when I have the primary offline
for maintenance instead of me changing the pf rule by hand.  Simple
enough.  I read the man pages for carp and ifconfig, and read the
example in the FAQ.  (This will eventually be load balanced in the
future if I can get MySQL clustering to work on OpenBSD... haven't tried
that yet.)

The problem is that when I access my site from an external account, my
primary never gets used, the secondary takes all connections, and to make it worse, if the secondary (which is being used first) is taken offline, the primary doesn't even get touched. I have to delete the carp i/f on the secondary and reboot the primary for web access to go back to normal.

On the primary web server:

$ sysctl net.inet.carp
net.inet.carp.allow=1
net.inet.carp.preempt=1
net.inet.carp.log=2

$ cat /etc/hostname.carp0
inet 192.168.0.9 255.255.255.0 192.168.0.255 vhid 1 carpdev fxp0

$ cat /etc/hostname.fxp0
inet 192.168.0.2 255.255.255.0 NONE media 100baseTX mediaopt full-duplex
inet alias 192.168.0.9 255.255.255.0
inet alias 192.168.0.10 255.255.255.0
inet alias 192.168.0.11 255.255.255.0
inet alias 192.168.0.12 255.255.255.0
inet alias 192.168.0.13 255.255.255.0

$ ifconfig carp0
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
       lladdr 00:00:5e:00:01:01
       priority: 0
       carp: MASTER carpdev fxp0 vhid 1 advbase 1 advskew 0
       groups: carp
       inet6 fe80::200:5eff:fe00:101%carp0 prefixlen 64 scopeid 0x5
       inet 192.168.0.9 netmask 0xffffff00 broadcast 192.168.0.255


On the secondary web server:

$ sysctl net.inet.carp
net.inet.carp.allow=1
net.inet.carp.preempt=0
net.inet.carp.log=2

$ cat /etc/hostname.carp0
inet 192.168.0.9 255.255.255.0 192.168.0.255 vhid 2 advbase 1 advskew 100 carpdev xl0

$ cat /etc/hostname.xl0
inet 192.168.0.3 255.255.255.0 NONE media 100baseTX mediaopt full-duplex
inet alias 192.168.0.20 255.255.255.0
inet alias 192.168.0.21 255.255.255.0
inet alias 192.168.0.22 255.255.255.0
inet alias 192.168.0.23 255.255.255.0

$ ifconfig carp0
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:00:5e:00:01:02
   priority: 0
   carp: MASTER carpdev xl0 vhid 2 advbase 1 advskew 100
   groups: carp
   inet6 fe80::200:5eff:fe00:102%carp0 prefixlen 64 scopeid 0x5
   inet 192.168.0.9 netmask 0xffffff00 broadcast 192.168.0.255


I have tried making slight changes to the hostname files, such as
including "advbase 1 advskew 1" to the primary, adding and removing the
alias for .9 on the master, changing preempt=1 on the secondary, and none of it makes any difference. I continually see what (I think) should be the backup on the secondary server shown as a master (above), and it takes all the web server connections. Other than my carp experiments, everything works perfectly fine. I must be missing
something, somewhere, but I'm out of clues.  Any pointers in the right
direction would be appreciated,
Thanks.

--

-RSM

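An added example, not part of the original post: a Python check that compares the two `ifconfig carp0` outputs quoted above and reports when one address is claimed by hosts in different vhids or by more than one MASTER. It assumes that CARP hosts backing up the same address must share a vhid (the vhid identifies the redundancy group); the function names are hypothetical.

```python
import re
from collections import defaultdict

# Relevant lines of the `ifconfig carp0` output quoted in the post.
PRIMARY = """\
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
       lladdr 00:00:5e:00:01:01
       carp: MASTER carpdev fxp0 vhid 1 advbase 1 advskew 0
       inet6 fe80::200:5eff:fe00:101%carp0 prefixlen 64 scopeid 0x5
       inet 192.168.0.9 netmask 0xffffff00 broadcast 192.168.0.255
"""
SECONDARY = """\
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:00:5e:00:01:02
   carp: MASTER carpdev xl0 vhid 2 advbase 1 advskew 100
   inet6 fe80::200:5eff:fe00:102%carp0 prefixlen 64 scopeid 0x5
   inet 192.168.0.9 netmask 0xffffff00 broadcast 192.168.0.255
"""
CARP_RE = re.compile(r"carp: (\w+) carpdev (\S+) vhid (\d+) advbase (\d+) advskew (\d+)")

def parse_carp(text):
    """Extract state, vhid, advskew, lladdr and IPv4 addresses from ifconfig output."""
    info = {"inet": []}
    for line in (raw.strip() for raw in text.splitlines()):
        m = CARP_RE.match(line)
        if m:
            info.update(state=m[1], carpdev=m[2], vhid=int(m[3]), advskew=int(m[5]))
        elif line.startswith("lladdr "):
            info["lladdr"] = line.split()[1]
        elif line.startswith("inet "):  # "inet6 ..." does not match this prefix
            info["inet"].append(line.split()[1])
    return info

def find_conflicts(hosts):
    """hosts maps a host name to parse_carp() output; returns a list of findings."""
    by_ip = defaultdict(list)
    for name, h in hosts.items():
        for ip in h["inet"]:
            by_ip[ip].append((name, h))
    findings = []
    for ip, members in by_ip.items():
        vhids = sorted({h["vhid"] for _, h in members})
        masters = [name for name, h in members if h["state"] == "MASTER"]
        if len(vhids) > 1:  # different vhids are separate CARP groups
            findings.append(f"{ip}: vhid mismatch {vhids}, hosts are not in one CARP group")
        if len(masters) > 1:  # more than one host answering for the address
            findings.append(f"{ip}: multiple MASTERs ({', '.join(masters)})")
    return findings

if __name__ == "__main__":
    hosts = {"primary": parse_carp(PRIMARY), "secondary": parse_carp(SECONDARY)}
    print("\n".join(find_conflicts(hosts)))
```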