Hi,

I've just been through the recent messages on this list and saw something similar, but not exactly the same as what I was planning to implement. We've just got two new firewalls (now installed with OpenBSD 3.8, which will soon be CARPed and pfsynced) and two new webservers which we want to cluster.

Say the webservers are named internally 10.0.0.1 and 10.0.0.2. Is it possible to create two CARP interfaces, say 10.0.0.3 and 10.0.0.4, where server 10.0.0.1 is master of CARP 10.0.0.3 and 10.0.0.2 is master of CARP 10.0.0.4? Then, use rdr load balancing on the firewall to hit the .3/.4 CARP addresses, instead of the server addresses.

At first glance this looks like it would work - if either server dies, the other will take over master of both IPs and pf will not care. My only thought is it might complicate SSL connections, which are per-IP, but then it shouldn't be a problem to make the same SSL virtual host respond to the two CARP addresses (or however many more CARP pairs I need to create for other sites).

Does this sound workable, or will I need to resort to something like Pound on the webservers?

Thanks,
Ashley
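The layout described in the message above, written out as configuration. This is an added example, not part of the original post. It assumes the webservers run OpenBSD (the post does not say), a /24 internal network, and placeholder values for the external interface name, the external address (192.0.2.10), the vhid numbers and the CARP password.

```conf
# ---- webserver 10.0.0.1 ----
# /etc/sysctl.conf: let the preferred master reclaim its address after recovery
net.inet.carp.preempt=1

# /etc/hostname.carp0: preferred master for 10.0.0.3 (lowest advskew wins)
inet 10.0.0.3 255.255.255.0 10.0.0.255 vhid 3 pass CHANGE_ME advskew 0

# /etc/hostname.carp1: backup for 10.0.0.4
inet 10.0.0.4 255.255.255.0 10.0.0.255 vhid 4 pass CHANGE_ME advskew 100

# ---- webserver 10.0.0.2 ----
# /etc/sysctl.conf
net.inet.carp.preempt=1

# /etc/hostname.carp0: backup for 10.0.0.3
inet 10.0.0.3 255.255.255.0 10.0.0.255 vhid 3 pass CHANGE_ME advskew 100

# /etc/hostname.carp1: preferred master for 10.0.0.4
inet 10.0.0.4 255.255.255.0 10.0.0.255 vhid 4 pass CHANGE_ME advskew 0

# ---- both firewalls: /etc/pf.conf (OpenBSD 3.8 syntax) ----
ext_if   = "em0"                      # assumed external interface
ext_vip  = "192.0.2.10"               # constructed public address
web_vips = "{ 10.0.0.3, 10.0.0.4 }"   # CARP addresses, not the servers' own

# Spread new connections across the two CARP addresses. pf only ever
# sees .3 and .4, whichever webserver currently holds them.
rdr on $ext_if proto tcp from any to $ext_vip port { 80, 443 } \
    -> $web_vips round-robin

# Filter rules see the translated destination. 3.8 needs explicit state.
pass in on $ext_if proto tcp from any to $web_vips port { 80, 443 } \
    flags S/SA keep state
```

The vhid and password must match on both webservers for each CARP address, and the web server software on each host has to listen on both 10.0.0.3 and 10.0.0.4 so it can answer for either address after a failover.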

