I may actually end up just turning off load balancing on the router for now and just leave it on the web servers. Then again, it would be nice if the router did some work since it'll be on all the time using all that electricity. Is there a clever cron script I could write to manually change the master on a day to day basis? Something using 'ifconfig carp0 down'. It would be nice if the routers took turns every day rather than every few seconds/minutes.
On Tue, Nov 18, 2008 at 11:50 AM, Vivek Ayer <[EMAIL PROTECTED]> wrote:
> I got that snippet from the pf book. What should I change it to?
>
> On Tue, Nov 18, 2008 at 4:32 AM, Marco Pfatschbacher <[EMAIL PROTECTED]>
> wrote:
>> On Thu, Nov 13, 2008 at 05:51:49PM -0800, Vivek Ayer wrote:
>>> Yay! I got ssh and http to work on the CARP interface. Thanks.
>>>
>>> However, the httpd redirect is not working just yet on the CARP
>>> interface for one of the computers. Does IP balancing mess up
>>> redirect?
>>
>> Well, that depends.
>> IP balancing computes a commutative hash of the source and destination
>> IP to decide which node accepts the packet.
>> If you do a rdr, you modify the destination, thus the hash is
>> different and the returning packet might end up on another node,
>> which has no knowledge about the pf-NAT state.
>>
>> However, if you also NAT the outgoing packet to an address that
>> belongs to one node only, you'll get the reply.
>> That of course means that you won't have the client's original IP
>> address for your apache access logs.
>>
>> IP balancing is no silver bullet.
>> I designed it as a simple solution to build a cluster of load
>> balanced servers without the need of a separate load balancer.
>> A pf pair with no nat/rdr is also easy to build. Translation is hard.
>>
>>> Here's my current pf.conf:
>> [...]
>>> # Basic CARP/pfsync pass rules
>>> pass on $carpdevs proto carp keep state
>>
>> this ^^^ is still wrong, btw. But your other rules seem to cover
>> that traffic already anyway.
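
The rdr behaviour described in the quoted reply can be modelled as follows. This is an added example, not part of the original thread and not OpenBSD's code: the XOR-fold hash is an assumed stand-in for the real commutative hash, and the node count and all addresses are constructed.

```python
import ipaddress

NODES = 3               # constructed cluster size
VIP = "198.51.100.1"    # constructed shared CARP address
WEB = "10.0.0.10"       # constructed rdr target


def balance_node(addr_a, addr_b, nodes=NODES):
    """Toy commutative hash (XOR fold); assumed, not OpenBSD's actual code."""
    fold = int(ipaddress.IPv4Address(addr_a)) ^ int(ipaddress.IPv4Address(addr_b))
    fold ^= fold >> 16
    fold ^= fold >> 8
    return (fold & 0xFF) % nodes


def trace(client, rdr_to=None, nat_to_node=False):
    """Return (node holding the pf state, node that accepts the reply)."""
    state_node = balance_node(client, VIP)   # client -> VIP picks the node
    if rdr_to is None:
        # No translation: the reply is VIP -> client, the same address pair.
        return state_node, balance_node(VIP, client)
    if nat_to_node:
        # Source rewritten to an address only state_node owns, so the
        # reply is addressed to that node and no hash decision is made.
        return state_node, state_node
    # rdr only: the reply is rdr_to -> client, a different address pair.
    return state_node, balance_node(rdr_to, client)


def stray_replies(**kw):
    """Count constructed clients whose reply lands on a node without state."""
    clients = [f"192.0.2.{k}" for k in range(1, 255)]
    return sum(1 for c in clients if len(set(trace(c, **kw))) > 1)


if __name__ == "__main__":
    print("no translation :", stray_replies())
    print("rdr only       :", stray_replies(rdr_to=WEB))
    print("rdr + node NAT :", stray_replies(rdr_to=WEB, nat_to_node=True))
```
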

