Pierre-Yves Ritschard wrote:
On Wed, 13 Jun 2007 15:40:36 +1000
Darren Tucker <[EMAIL PROTECTED]> wrote:
[...]
1. add a static published arp entry for the cluster address on the balancer with its own mac address so packets aimed at the cluster address will go to the balancer.

2. configure all cluster members with a loopback interface with the cluster address.

3. use route-to pf rules with a next-hop to punt incoming packets to various nodes in the cluster

I think all load balancers implementing direct server return / direct
routing use this trick.
You're not going to be able to get away without messing with arp so
you're bound to a single broadcast domain.

As long as you get the route-to right, all you need for this to work is for the incoming packets to be routed to the balancer. What if, e.g., bgpd was configured to advertise a route to the /32 containing the cluster address via the balancer's real IP?

Your scenario should be tried out, yes, but it is still just an ugly
hack if you ask me :)

Now you still can't really make this work with hoststated or any
other LB on OpenBSD. I'd still like to find an elegant way to do this
and integrate it with hoststated.

And just for the record what you said maps to:

pass in on $ext_if route-to { $webh1, $webh2 } round-robin proto tcp \
 from any to $virt_ip port http no state
pass out on $int_if from any to $virt_ip port http no state

Wouldn't you need some kind of state here? Otherwise there's no guarantee of the packets for a given connection always being routed to the same physical server.

If I get the occasion I'll try it out and see how that works.
I also wonder how it would behave when setting the arp entry to that of
a carp interface.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
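
Added example, not part of the original thread: a small Python model of the state question raised above, comparing per-packet round-robin with a per-flow state table and with a stateless source hash. It is not pf code; the backend names, the sample addresses and the hash choice are assumptions made for illustration.

```python
# Toy model (not pf itself) of how packets for the cluster address get
# assigned to backends. A packet is reduced to its TCP 4-tuple.
import hashlib
from itertools import cycle

BACKENDS = ["webh1", "webh2"]  # stand-ins for $webh1 / $webh2 (assumed names)

def stateless_round_robin(packets):
    """Pool is consulted for every packet: no per-connection memory."""
    pool = cycle(BACKENDS)
    return [(pkt, next(pool)) for pkt in packets]

def stateful_round_robin(packets):
    """Pool is consulted only for the first packet of a flow; later
    packets follow the state entry keyed on the 4-tuple."""
    pool, states, out = cycle(BACKENDS), {}, []
    for pkt in packets:
        if pkt not in states:
            states[pkt] = next(pool)
        out.append((pkt, states[pkt]))
    return out

def source_hash(packets):
    """Stateless alternative: backend is a pure function of the source IP."""
    out = []
    for pkt in packets:
        digest = hashlib.sha256(pkt[0].encode()).digest()
        out.append((pkt, BACKENDS[digest[0] % len(BACKENDS)]))
    return out

def backends_per_flow(assignments):
    """Map each flow to the set of backends that received its packets."""
    flows = {}
    for pkt, backend in assignments:
        flows.setdefault(pkt, set()).add(backend)
    return flows

# Constructed sample: two client connections to the cluster address,
# with their packets interleaved on the wire.
A = ("198.51.100.7", 40001, "192.0.2.10", 80)
B = ("203.0.113.9", 40002, "192.0.2.10", 80)
PACKETS = [A, B, A, A, B, A, B, B]

if __name__ == "__main__":
    for fn in (stateless_round_robin, stateful_round_robin, source_hash):
        print(fn.__name__)
        for flow, used in backends_per_flow(fn(PACKETS)).items():
            print("  ", flow[0], "->", sorted(used))
```

A flow that shows more than one backend in the output would have its TCP segments delivered to servers that never saw the handshake.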
