On Tue, Oct 27, 2009 at 10:55 PM, Scott <sc...@erratic.ca> wrote:
> I must be missing something in my config, and I'd appreciate it if my
> blunder could be pointed out to me.
>
> I have two web servers behind a firewall (all machines are running
> 4.6-stable, generic kernel). The firewall has rdr & pass rules to both web
> servers, with one commented out at a time. I change it manually when I want
> to switch them. This same setup has been working fine since 4.4.
> Generally, pf routes web traffic to the primary web server (192.168.0.9)
> but sometimes I use its twin at 192.168.0.19.
>
> Today I decided to try using carp to *not* load balance, but use the
> primary and have the secondary kick in when I have the primary offline
> for maintenance instead of me changing the pf rule by hand. Simple
> enough. I read the man pages for carp and ifconfig, and read the
> example in the FAQ. (This will eventually be load balanced in the
> future if I can get MySQL clustering to work on OpenBSD... haven't tried
> that yet.)
>
> The problem is that when I access my site from an external account, my
> primary never gets used, the secondary takes all connections, and to make it
> worse, if the secondary (which is being used first) is taken offline, the
> primary doesn't even get touched. I have to delete the carp i/f on the
> secondary and reboot the primary for web access to go back to normal.
>
> On the primary web server:
>
> $ sysctl net.inet.carp
> net.inet.carp.allow=1
> net.inet.carp.preempt=1
> net.inet.carp.log=2
>
> $ cat /etc/hostname.carp0:
> inet 192.168.0.9 255.255.255.0 192.168.0.255 vhid 1 carpdev fxp0
>
> $ cat /etc/hostname.fxp0
> inet 192.168.0.2 255.255.255.0 NONE media 100baseTX mediaopt full-duplex
> inet alias 192.168.0.9 255.255.255.0
> inet alias 192.168.0.10 255.255.255.0
> inet alias 192.168.0.11 255.255.255.0
> inet alias 192.168.0.12 255.255.255.0
> inet alias 192.168.0.13 255.255.255.0
>
> $ ifconfig carp0
> carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 00:00:5e:00:01:01
>         priority: 0
>         carp: MASTER carpdev fxp0 vhid 1 advbase 1 advskew 0
>         groups: carp
>         inet6 fe80::200:5eff:fe00:101%carp0 prefixlen 64 scopeid 0x5
>         inet 192.168.0.9 netmask 0xffffff00 broadcast 192.168.0.255
>
>
> On the secondary web server:
>
> $ sysctl net.inet.carp
> net.inet.carp.allow=1
> net.inet.carp.preempt=0
> net.inet.carp.log=2
>
> $ cat /etc/hostname.carp0
> inet 192.168.0.9 255.255.255.0 192.168.0.255 vhid 2 advbase 1 advskew 100 carpdev xl0
>
> $ cat /etc/hostname.xl0
> inet 192.168.0.3 255.255.255.0 NONE media 100baseTX mediaopt full-duplex
> inet alias 192.168.0.20 255.255.255.0
> inet alias 192.168.0.21 255.255.255.0
> inet alias 192.168.0.22 255.255.255.0
> inet alias 192.168.0.23 255.255.255.0
>
> $ ifconfig carp0
> carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 00:00:5e:00:01:02
>         priority: 0
>         carp: MASTER carpdev xl0 vhid 2 advbase 1 advskew 100
>         groups: carp
>         inet6 fe80::200:5eff:fe00:102%carp0 prefixlen 64 scopeid 0x5
>         inet 192.168.0.9 netmask 0xffffff00 broadcast 192.168.0.255
>
>
> I have tried making slight changes to the hostname files, such as
> including "advbase 1 advskew 1" to the primary, adding and removing the
> alias for .9 on the master, changing preempt=1 on the secondary, and none of
> it makes any difference. I continually see what (I think) should be the
> backup on the secondary server shown as a master (above), and it takes all
> the web server connections. Other than my carp experiments, everything
> works perfectly fine. I must be missing
> something, somewhere, but I'm out of clues. Any pointers in the right
> direction would be appreciated,
> Thanks.
>
> --
>
> -RSM

I do believe preempt should be 1 on both servers. Let the advskew handle
which one is primary.

What do you see for output of 'netstat -s -p carp' and 'netstat -s -p pfsync'?

-B
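
An added example, not part of the thread or of OpenBSD: a small sh check that compares two hostname.carp0 lines for the settings CARP peers sharing one virtual address must agree on (vhid and address, per carp(4)) and reports which host advskew prefers. The function names carp_opt and carp_check are hypothetical, and the sample lines are constructed from the two configs quoted above.

```shell
#!/bin/sh
# Added example: consistency check for two hostname.carp0 lines.

# carp_opt LINE KEY DEFAULT -> word following KEY in LINE, or DEFAULT
carp_opt() {
    set -f                      # no globbing while word-splitting LINE
    val=$3; prev=
    for word in $1; do
        if [ "$prev" = "$2" ]; then val=$word; fi
        prev=$word
    done
    set +f
    printf '%s\n' "$val"
}

# carp_check LINE_A LINE_B -> prints findings; returns 1 on any mismatch
carp_check() {
    rc=0
    va=$(carp_opt "$1" vhid none); vb=$(carp_opt "$2" vhid none)
    ia=$(carp_opt "$1" inet none); ib=$(carp_opt "$2" inet none)
    sa=$(carp_opt "$1" advskew 0); sb=$(carp_opt "$2" advskew 0)  # default 0
    if [ "$va" != "$vb" ]; then
        # Different vhids are different groups: each host is alone in its own.
        echo "MISMATCH vhid: $va vs $vb (two groups, each host becomes MASTER)"
        rc=1
    fi
    if [ "$ia" != "$ib" ]; then
        echo "MISMATCH address: $ia vs $ib"
        rc=1
    fi
    if [ "$sa" -eq "$sb" ]; then
        echo "NOTE advskew equal ($sa): no preferred master"
    elif [ "$sa" -lt "$sb" ]; then
        echo "OK advskew: first host preferred ($sa < $sb)"
    else
        echo "OK advskew: second host preferred ($sb < $sa)"
    fi
    return $rc
}

# Constructed sample input: the hostname.carp0 lines from the quoted message.
PRIMARY='inet 192.168.0.9 255.255.255.0 192.168.0.255 vhid 1 carpdev fxp0'
SECONDARY='inet 192.168.0.9 255.255.255.0 192.168.0.255 vhid 2 advbase 1 advskew 100 carpdev xl0'

carp_check "$PRIMARY" "$SECONDARY" || echo "result: not one CARP group"
```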