Carp


OpenBSD loadbalancing and failover with relayd, pf and carp

Wow, OpenBSD is such a good network operating system! Besides the great firewall pf(4) and the excellent virtual network interface carp(4), there is a tool called relayd(8) that ships with OpenBSD and makes load balancing available on it.

First set up a carp device as described on both OpenBSD machines.

Now uncomment these two rules in /etc/pf.conf:

rdr-anchor "relayd/*"
anchor "relayd/*"

Add these rules as well to enable full TCP state takeover. This means either OpenBSD machine may go down, reboot or fail while all existing connections are taken over by the other. I have tried listening to a stream of music through this setup, and it works like a charm!

pcn0 is the interface connected to your network; pcn1 is the interface that has a crossover cable to the other OpenBSD machine. (pcn1 exists solely for pfsync; I consider the crossover cable very reliable.)

pass quick on { pcn1 } proto pfsync keep state (no-sync)
pass on { pcn0 pcn1 } proto carp keep state

And edit /etc/relayd.conf to look something like this on both hosts.

ext_addr="192.168.1.123"
webhost1="192.168.1.2"
webhost2="192.168.1.3"

table <webhosts> { $webhost1 $webhost2 }
relay www {
  listen on $ext_addr port http
  forward to <webhosts> port http mode loadbalance check http "/" code 200
}

Add this line to /etc/rc.conf.local on both machines to start relayd at boot time:

relayd_flags=""

Reload pf and start relayd on both machines:

# pfctl -F all -f /etc/pf.conf
# relayd

You now have a highly available, failover loadbalancer!


Carp notes

When killing zombies, any carp interface that is configured (HA/LB) must be in state 'BACKUP' and must under no circumstances be 'MASTER'.
To achieve this, simply set the advskew value of the interface(s) to 254, which makes the slave node the master and the current master the slave.
Once that has happened, simply set the value back to its original value (10 in the example)...
The node then remains the slave!

# ifconfig
carp0: flags=49<UP,LOOPBACK,RUNNING> mtu 1500
        inet 192.168.0.1 netmask 0xffff0000
        carp: MASTER vhid 1 advbase 0 advskew 10
carp1: flags=49<UP,LOOPBACK,RUNNING> mtu 1500
        inet XX.YY.1.101 netmask 0xffffffe0
        inet XX.YY.1.102 netmask 0xffffffe0
        inet XX.YY.1.103 netmask 0xffffffe0
        carp: MASTER vhid 99 advbase 0 advskew 10
#
# ifconfig carp0 advskew 254 && ifconfig carp1 advskew 254
#
# ifconfig
carp0: flags=49<UP,LOOPBACK,RUNNING> mtu 1500
        inet 192.168.0.1 netmask 0xffff0000
        carp: BACKUP vhid 1 advbase 0 advskew 254
carp1: flags=49<UP,LOOPBACK,RUNNING> mtu 1500
        inet XX.YY.1.101 netmask 0xffffffe0
        inet XX.YY.1.102 netmask 0xffffffe0
        inet XX.YY.1.103 netmask 0xffffffe0
        carp: BACKUP vhid 99 advbase 0 advskew 254
#
# ifconfig carp0 advskew 10 && ifconfig carp1 advskew 10
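
The check the notes above call for (every carp interface in state BACKUP before maintenance starts) can be scripted. This is an added example, not part of the original page; the function names carp_states and all_backup and the sample ifconfig text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): pre-maintenance guard that
# succeeds only when every carp interface on this node is in state BACKUP.

# carp_states: read ifconfig output on stdin and print one line per carp
# interface: "<iface> <state> <advskew>".
carp_states() {
    awk '
        /^[a-z]+[0-9]+:/ { iface = $1; sub(/:$/, "", iface) }
        $1 == "carp:" {
            skew = "?"
            for (i = 2; i < NF; i++) if ($i == "advskew") skew = $(i + 1)
            print iface, $2, skew
        }'
}

# all_backup: exit 0 only if at least one carp interface was seen and every
# one of them is BACKUP. MASTER, INIT, or no carp interface at all fails.
all_backup() {
    carp_states | awk '
        { seen = 1; if ($2 != "BACKUP") bad = 1 }
        END { exit !(seen && !bad) }'
}

# Constructed sample input, modelled on the ifconfig output shown on this page.
# sample_master is a split state: one interface demoted, the other still MASTER.
sample_master='carp0: flags=49<UP,LOOPBACK,RUNNING> mtu 1500
        inet 192.168.0.1 netmask 0xffff0000
        carp: MASTER vhid 1 advbase 0 advskew 10
carp1: flags=49<UP,LOOPBACK,RUNNING> mtu 1500
        inet XX.YY.1.101 netmask 0xffffffe0
        carp: BACKUP vhid 99 advbase 0 advskew 254'

sample_backup='carp0: flags=49<UP,LOOPBACK,RUNNING> mtu 1500
        inet 192.168.0.1 netmask 0xffff0000
        carp: BACKUP vhid 1 advbase 0 advskew 254
carp1: flags=49<UP,LOOPBACK,RUNNING> mtu 1500
        inet XX.YY.1.101 netmask 0xffffffe0
        carp: BACKUP vhid 99 advbase 0 advskew 254'

# Demo on the samples. On a live node, feed it real output instead:
#   ifconfig | all_backup || { echo "still MASTER, demote first" >&2; exit 1; }
printf '%s\n' "$sample_master" | carp_states
printf '%s\n' "$sample_backup" | all_backup && echo "all BACKUP: maintenance may proceed"
```

Because the guard fails on a split state, it catches the case where only one of the two interfaces has actually given up MASTER after the advskew change.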

See also

Gdb Getting rid of zombie processes!
Pf Pf (PacketFilter) configuration