regarding carp and nginx

Joar Jegleim joar.jegleim at gmail.com
Thu Dec 13 14:31:15 UTC 2012 

Hi,

thnx for your fast reply .
Got no ssl sessions .
There's no error code, I'm simply getting a 'Unable to connect' , as
if the server isn't there ...

I'm not expecting the active node to 'go down that often' :p if normal
behaviour would be some seconds until the passive node takes over I
could live with that, but if I've configured something wrong or
missing some important part I need to make the failover seamless I
have to make this right :p



-- 
----------------------
Joar Jegleim
Homepage: http://cosmicb.no
Linkedin: http://no.linkedin.com/in/joarjegleim
fb: http://www.facebook.com/joar.jegleim
AKA: CosmicB @Freenode

----------------------

On 13 December 2012 13:36, Samuel Martín Moro <faust64 at gmail.com> wrote:
>
>
> On Thu, Dec 13, 2012 at 1:19 PM, Joar Jegleim <joar.jegleim at gmail.com>
> wrote:
>>
>> Hi !
>>
>> I'm in the process of setting up a HA nginx proxy using carp in
>> FreeBSD 9.0-RELEASE .
>> I've got a active/passive setup where both nodes are running an nginx
>> server listening to carp0 .
>>
>> If I issue: ifconfig carp0 down on the active node, the passive node
>> takes over immediately .
>> But when I for instance issue a simple reboot from the master node,
>> then try accessing any web page through the proxy I'm getting a
>> connection error for 3-5 seconds .
>> It's kinda strange because if I ping the carp0 ip from my workstation
>> when reboot'ing the master I don't see this kind of drop in connection
>> (that is the passive node immediatly becomes master and reply my ping)
>>
>> I've tried having nginx listen to all available interfaces, same result.
>> I've tried writing a simple devd.conf rule such as:
>> notify 0 {
>>    match "system"      "IFNET";
>>    match "type"        "LINK_UP";
>>    match "subsystem"       "carp*";
>>    action "/root/bin/carpcontrol.sh $type $subsystem";
>> };
>>
>> notify 0 {
>>    match "system"      "IFNET";
>>    match "type"        "LINK_DOWN";
>>    match "subsystem"       "carp*";
>>    action "/root/bin/carpcontrol.sh $type $subsystem";
>> };
>>
>> where carpcontrol.sh got:
>> #!/bin/sh
>>
>> type=$1
>> subsystem=$2
>>
>> echo "$(date) called with type=$type and subsystem=$subsystem" >>
>> /var/log/carp/carp.log
>> /usr/local/etc/rc.d/nginx restart >> /var/log/kit/carp.log
>> 2>>/var/log/carp/carp.log
>>
>>
>> which doesn't help, I still get 3-5 seconds drop in connection if I
>> reboot the master node .
>> I've also tried to just cut the power for the master node, still
>> getting those 3-5 seconds drop .
>>
>> I've set the following in sysctl.conf
>> #Accept incoming CARP packets. Enabled by default.
>> net.inet.carp.allow=1
>> #This option downs all of the CARP interfaces on the host when one of
>> them goes down. Disabled by default
>> net.inet.carp.preempt=1
>> #A value of 0 disables any logging. A Value of 1 enables logging of
>> bad CARP packets. Values greater than 1 enables logging of state
>> changes for the CARP interfaces. The default value is 1.
>> net.inet.carp.log=2
>>
>>
>>
>> --
>> ----------------------
>> Joar Jegleim
>> Homepage: http://cosmicb.no
>> Linkedin: http://no.linkedin.com/in/joarjegleim
>> fb: http://www.facebook.com/joar.jegleim
>> AKA: CosmicB @Freenode
>>
>> ----------------------
>> _______________________________________________
>> freebsd-questions at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to
>> "freebsd-questions-unsubscribe at freebsd.org"
>
>
>
> Hi,
>
> What error code are you encountering?
>
> CARP would only deal with sharing your virtual IP.
> First, you could check about pfsync, which would sync PF states through your
> CARP cluster.
>
> Then, are you sure there is no session handling/cookies stuff on your nginx
> proxies?
> Or even: using SSL? Could this be related to your SSL handshake not being
> shared?
> Keep in mind CARP runs on OSI layer 2&3. It won't be sufficient dealing with
> applicative aspects of redundancy.
>
> Also, while playing with devd may fits your requirements, I assume you
> have'nt heard of ifstated?
> Being used to OpenBSD CARPs, I'm always using ifstated to ensure proper
> balance.
> It seems ifstated is in FreeBSD ports tree: give it a shot!
>
>
> Regards.
> --
> Samuel Martín Moro
> {EPITECH.} 2011
> SMILE - Open Source Solutions
>
> "Nobody wants to say how this works.
>  Maybe nobody knows ..."
>                       Xorg.conf(5)

More information about the freebsd-questions mailing list