Vrrp/CARP/UCarp Problems

Brian A. Seklecki bseklecki at collaborativefusion.com
Sat Mar 31 22:27:18 UTC 2007

You could put an OpenBSD or FreeBSD box running pf(4) in "front" of your
web server cluster.  You set up your public IP anchor and a service-VIP
for your web service application.

Then you do a RDR nat into a pf(4) table.  You set the contents of the
table based on a shell script that checks the health of the system.

I suppose you could carp between the two RDR boxes; keep state tables
even too.

I.e., carp was never designed to move an HA L4 address between two
systems.  Only to provide a HA L4 IP gateway.

Bob Beck did a great presentation on this at NYCBSDcon 06.  Google it
and grab his slides.


On Sun, 2007-03-25 at 19:23 +0100, Ross Draper wrote:
> Hi guys
> I was wondering if I could get some advice from those of you who have
> successfully implemented ip address failover systems such as carp and
> freevrrpd.
> I am trying to set up a high availability web loadbalancer using a pair of
> freebsd 6.2 boxes. I have tried a number of ways to perform failover but
> always seem to be hitting a problem.
> UCARP - Pros: This would be my ideal solution as the startup/shutdown
> scripts enable me to stop and start my applications and add aliases to
> adaptors easily.
> Cons: When the backup box is rebooted it always comes up advertising
> itself as the master then after a few seconds reverts to backup, although I
> was under the impression it was supposed to wait and listen for
> advertisements (it doesn't seem to). Its initial gratuitous arp as a master
> is sufficient to poison any traffic from the local router to the shared ip
> address. Only solution was to use arp-sk to send gratuitous arps every few
> secs, however, arp-sk was a bit flakey and it was a bodge.
> CARP - Pros: stable and built into the kernel. Could enable active/active
> arp load sharing at a later point.
> Cons: There is a FreeBSD bug (I've seen it discussed on the lists) where
> the creation and destroyal of a carp interface causes a kernel panic.
> Also, there is no support for start/stop scripts.
> Freevrrpd - Pros: MAC address changing removes some of the arp timeout
> issues/gratuitous arp problems and it supports start/stop scripts.
> Cons: I'm finding that upon rebooting the backup unit it correctly starts
> as a backup, then three seconds later syslogs that it is the master and
> changes its MAC address accordingly. Although a sniff of the network
> traffic indicates it is sending the right advertisements, it never goes
> into backup mode again.
> So, what am I doing wrong? Are these the experiences others have had or
> are there more suitable options?  The loadbalancers are all single homed
> and I have tried a mixture of xl, bge and fxp cards.
> Also, any links to Perl-based gratuitous arp utils would be great.
> Any help/suggestions much appreciated.
> Ross
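
The reply at the top of this message describes an RDR into a pf(4) table whose contents a shell script sets from health checks. A sketch of such a script follows; it is an added example, not code from the original post or from either poster. The table name, the backend addresses, the TCP port 80 probe and the choice to leave the table alone when every probe fails are all assumptions.

```sh
#!/bin/sh
# Added example: keep a pf(4) table in sync with backend health.
# Assumed pf.conf on the front box (all names are hypothetical):
#   table <webpool> persist
#   rdr on $ext_if proto tcp from any to $service_vip port 80 -> <webpool> round-robin

TABLE="${TABLE:-webpool}"                      # hypothetical table name
BACKENDS="${BACKENDS:-192.0.2.11 192.0.2.12}"  # constructed sample addresses
PFCTL="${PFCTL:-pfctl}"                        # override with a stub for a dry run
CHECK="${CHECK:-check_tcp80}"                  # probe: a command taking one IP

# Default probe: TCP connect to port 80 with a 2 second timeout.
check_tcp80() {
    nc -z -w 2 "$1" 80 >/dev/null 2>&1
}

# Print the space-separated backends that pass the probe.
healthy_backends() {
    up=""
    for ip in $BACKENDS; do
        if "$CHECK" "$ip"; then
            up="${up:+$up }$ip"
        fi
    done
    printf '%s\n' "$up"
}

# Replace the table contents with the healthy set.
# Choice made in this example: if every probe fails, leave the table as it
# is and return 1, so a broken probe cannot empty the pool.
sync_table() {
    up=$(healthy_backends)
    if [ -z "$up" ]; then
        echo "no healthy backends; table <$TABLE> left unchanged" >&2
        return 1
    fi
    # $up is intentionally unquoted: one pfctl argument per address.
    "$PFCTL" -t "$TABLE" -T replace $up
}

# Run from cron or a loop as: sh pool-sync.sh run
if [ "${1:-}" = "run" ]; then
    sync_table
fi
```

`pfctl -t webpool -T show` lists what the table currently holds, which is the quickest way to confirm the script and the probe agree.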
