You could put an OpenBSD or FreeBSD box running pf(4) in "front" of your web server cluster. You set up your public IP anchor and a service-VIP for your web service application.
Then you do an RDR nat into a pf(4) table. You set the contents of the table based on a shell script that checks the health of the system.

I suppose you could carp between the two RDR boxes; keep state tables even too.

I.e., carp was never designed to move an HA L4 address between two systems. Only to provide a HA L4 IP gateway.

Bob Beck did a great presentation on this at NYCBSDcon 06. Google it and grab his slides.

~BAS

On Sun, 2007-03-25 at 19:23 +0100, Ross Draper wrote:
> Hi guys
>
> I was wondering if I could get some advice from those of you who have
> successfully implemented ip address failover systems such as carp and
> freevrrpd.
>
> I am trying to set up a high availability web loadbalancer using a pair of
> FreeBSD 6.2 boxes. I have tried a number of ways to perform failover but
> always seem to be hitting a problem.
>
> UCARP - Pros: This would be my ideal solution as the startup/shutdown
> scripts enable me to stop and start my applications and add aliases to
> adaptors easily.
> Cons: When the backup box is rebooted it always comes up advertising
> itself as the master then after a few seconds reverts to backup, although I
> was under the impression it was supposed to wait and listen for
> advertisements (it doesn't seem to). Its initial gratuitous arp as a master
> is sufficient to poison any traffic from the local router to the shared ip
> address. Only solution was to use arp-sk to send gratuitous arps every few
> secs, however, arp-sk was a bit flakey and it was a bodge.
>
> CARP - Pros: stable and built into the kernel. Could enable active/active
> arp load sharing at a later point.
> Cons: There is a FreeBSD bug (I've seen it discussed on the lists) where
> the creation and destruction of a carp interface causes a kernel panic.
> Also, there is no support for start/stop scripts.
>
> Freevrrpd - Pros: Mac address changing removes some of the arp timeout
> issues/gratuitous arp problems and it supports start/stop scripts
> Cons: I'm finding that upon rebooting the backup unit it correctly starts
> as a backup, then three seconds later syslogs that it is the master and
> changes its mac address accordingly. Although a sniff of the network
> traffic indicates it is sending the right advertisements, it never goes
> into backup mode again.
>
> So, what am I doing wrong? Are these the experiences others have had or
> are there more suitable options? The loadbalancers are all single homed
> and I have tried a mixture of xl, bge and fxp cards.
>
> Also, any links to a perl based gratuitous arp utils would be great
>
> Any help/suggestions much appreciated.
>
> Ross
>
> _______________________________________________
> [email protected] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-cluster
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
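
The health-checked pf(4) table described in the reply above, sketched as an added example that is not part of the original thread. The table name `webpool`, the backend addresses, the `nc` probe and the pf.conf rule in the comments are assumptions.

```shell
#!/bin/sh
# Added example: keep a pf(4) table in sync with backend health.
# Assumed pf.conf on the RDR box (table name, $ext_if and $vip are hypothetical):
#   table <webpool> persist
#   rdr on $ext_if proto tcp from any to $vip port 80 -> <webpool> round-robin

BACKENDS="${BACKENDS:-192.0.2.11 192.0.2.12 192.0.2.13}"  # constructed sample addresses
TABLE="${TABLE:-webpool}"
PFCTL="${PFCTL:-pfctl}"

# probe HOST: succeed if the backend accepts a TCP connection on port 80
# within 2 seconds. Swap in an HTTP-level check if "port open" is too weak.
probe() {
    nc -z -w 2 "$1" 80 >/dev/null 2>&1
}

# healthy_backends: print the space-separated subset of BACKENDS passing probe().
healthy_backends() {
    up=""
    for host in $BACKENDS; do
        if probe "$host"; then
            up="${up:+$up }$host"
        fi
    done
    printf '%s\n' "$up"
}

# sync_table: atomically replace the table contents with the healthy set.
# If nothing passes, leave the table alone, so a fault on the checking side
# (or a total outage) does not empty the pool and blackhole the VIP.
sync_table() {
    up=$(healthy_backends)
    if [ -z "$up" ]; then
        echo "no healthy backends; table <$TABLE> left unchanged" >&2
        return 1
    fi
    # $up is intentionally unquoted: one argument per address.
    $PFCTL -q -t "$TABLE" -T replace $up
}

# Set PF_SYNC_RUN=1 (e.g. from cron, as root) to perform one sync pass.
if [ "${PF_SYNC_RUN:-0}" = 1 ]; then
    sync_table
fi
```

Existing connections to a removed backend stay in the state table until they expire or are killed; the table change only affects new connections.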
