On 22:45:49 Oct 18, Vivek Ayer wrote:
> Actually, I feel kind of stupid for asking the question. Of course you
> can never ssh into the virtual carp interface, which is what I was
> trying to do. SSHing into the physical interface still works no
> problem. Then again, it would be Yay..CARP is working 100%.
> 

You can of course use the CARP virtual interface. In fact you are
supposed to use that if you set up CARP. ;)

> The only thing you can do to the CARP interface (which is the public
> IP in this case) is ping it, right? 

No. For all practical purposes that is the IP address you should use.

> Granted all the redirection to my
> web server still works, and the carp interface is actually the domain
> IP, will I just be able to type the domain in a web browser and watch
> http come up? By this, I mean:
> 
> INTERNET --> CARP0 ---> Routers 1 and 2 ---> CARP1 ----> SWITCH --->
> CARP3 ---> Web Servers 1 and 2.
> 
> I'm going to be CARPing my web servers as well. So how would this
> work? Public IP request would go to one of the two routers which would
> redirect to one of the two web servers? Basically, how would http or
> named interact with the virtual interface?
> 

You can find a good writeup on CARP here.

http://www.openbsd.org/faq/pf/carp.html

I have not properly understood your setup but I can give you some ideas.

CARP does not redirect IP traffic. That is handled separately. However
by virtue of CARP IP being virtual the redirection is handled by CARP
itself.

You need to think a lot along the lines of inbound or outbound CARP load
balancing/fail-over.

If it is a web server you probably need inbound fail-over.

Then CARP handles everything for you if you access the CARP virtual IP.

OpenBSD gives you several other ways to redirect traffic. relayd(8)
and pf(4) trickery using route-to come to mind.

I would rather that I do fail-over with CARP and load balancing with
relayd and leave route-to alone...

The choice is yours.

-Girish
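
An added sketch of the split described in the reply above (fail-over with CARP, load balancing with relayd); it is not part of the original message. All addresses, the interface name em0, the vhid and the CARP password are placeholder assumptions.

```conf
# --- /etc/sysctl.conf (both routers) ---
# Let the router with the lower advskew take the master role back.
net.inet.carp.preempt=1

# --- /etc/hostname.carp0 on router 1 (preferred master) ---
# 192.0.2.10 is the shared public (virtual) IP; clients only use this one.
# "pass" authenticates CARP advertisements and must match on both routers.
inet 192.0.2.10 255.255.255.0 192.0.2.255 vhid 1 carpdev em0 pass PLACEHOLDER-SECRET advskew 0

# --- /etc/hostname.carp0 on router 2 (backup) ---
# Same vhid and password, higher advskew so it only takes over on failure.
inet 192.0.2.10 255.255.255.0 192.0.2.255 vhid 1 carpdev em0 pass PLACEHOLDER-SECRET advskew 100

# --- /etc/pf.conf (both routers) ---
# Allow CARP advertisements on the physical interface, otherwise
# both routers believe they are master.
pass on em0 proto carp
# relayd inserts its redirection rules into this anchor.
anchor "relayd/*"

# --- /etc/relayd.conf (both routers) ---
# The redirect listens on the CARP virtual IP, so whichever router is
# currently master balances requests across the web servers.
ext_addr="192.0.2.10"
table <webhosts> { 10.0.0.11 10.0.0.12 }

redirect "www" {
        listen on $ext_addr port 80
        # A server that fails the HTTP check is taken out of rotation.
        forward to <webhosts> check http "/" code 200
}
```

With relayd health-checking the two web servers, the servers do not need their own CARP group for this layout; CARP covers router failure and relayd covers web server failure.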
