DaemonForums  

  #1   (View Single Post)  
Old 2nd September 2009
revzalot's Avatar
revzalot revzalot is offline
Shell Scout
 
Join Date: May 2008
Posts: 123
Default Clustering with CARP

I've been reading about CARP lately and I'd like to know if it's possible to use CARP for clustering web and mail servers? I know CARP is used for failover but what other services/software would you recommend on clustering two or more OBSD mail/web servers?
Reply With Quote
  #2   (View Single Post)  
Old 2nd September 2009
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

CARP provides the ability for multiple systems to share a single IP address, for high availability (HA) requirements where a single IP address must be used. That's all it does. It is perfect for discrete transactions, such as packet routing. Applications that must share information between servers are not a good fit for CARP alone. The example I would point to is PF; in order to share state table information between routers, the pfsync(4) driver had to be developed.

On the other hand, there are any number of applications that are conducive to "server farm" operations. These are typically multi-tier environments, such as a farm of webservers driving application servers with back end data servers. And these sorts of applications use load balancers to support a pool of webservers, and the web servers will drive a pool of application servers, and then the database servers might be in HA configurations for additional redundancy. None of these share the same IP address within the farm, so CARP would be unnecessary.

PF can be a load balancer, by the way. See the "Address Pools and Load Balancing" chapter of the PF Users Guide.
Reply With Quote
  #3   (View Single Post)  
Old 3rd September 2009
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

Here's a graphic from one of Bob Beck's (beck@) presentations on spamd(8). This one shows nine different servers involved with e-mail processing at the University of Alberta in 2006. Note that the bastion routers are running CARP and acting as round-robin load balancers.

http://www.ualberta.ca/~beck/nycbug06/spamd/mgp00019.html
Reply With Quote
  #4   (View Single Post)  
Old 12th September 2009
revzalot's Avatar
revzalot revzalot is offline
Shell Scout
 
Join Date: May 2008
Posts: 123
Default

Wow, nice setup, and I'm going to attempt to follow that example with minor tweaks. On the firewall side, I'm satisfied with CARP/PFsync.

The beauty of OBSD is that apache and bind are chrooted by default! I've already set up an OBAMP and a virtual mail server using postfix, mysql, etc. I'm going to set up another server and clone it. Both servers will have two NICs each - one serving to the public and the other hooked via crossover cable for syncing with rsync. I guess rsync/cron will provide the clustering. But one server will be the master dns server while the other will be secondary/slave and will be set up for DNS round robin. My question now is: is rsync adequate for clustering/heartbeat or does OBSD have something better? I've taken a look at Linux-HA but that's another steep learning curve. With rsync I can tell cron to rsync every 5 minutes?? How would I use rsync properly for clustering?

Last edited by revzalot; 12th September 2009 at 01:27 AM.
Reply With Quote
  #5   (View Single Post)  
Old 12th September 2009
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 3,318
Default

Quote:
Originally Posted by revzalot
But one server will be the master dns server while the other will be secondary/slave and will be set up for DNS round robin.

This isn't the type of scenario which CARP is envisioned to solve. You are mixing metaphors.

As a technology useful to implement redundancy, it is more common to set up the same functionality on each CARP server such that service is always available from somewhere. Instead of using CARP to connect a DNS master to its slave (which by definition isn't a model of true redundancy, but rather as a limited backup...), CARP is better used to connect two servers which both act as masters or both act as slaves.

In fact, this is the model proposed by ai-danno (who visits this forum from time to time...) several versions ago for OpenBSD 4.2:

http://openbsd-wiki.org/index.php?ti...nt_caching-DNS

However, be forewarned that the information is dated. Such articles bordering on how-to's do not absolve readers from doing their homework. Study the manpages.
Reply With Quote
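
The same-role model described in the post above, as an added example that is not part of the original thread: two hosts running an identical service share one CARP address. The interface name em0, the 192.0.2.0/24 addresses, vhid 53 and the passphrase are placeholders; check carp(4) and hostname.if(5) for your release.

```conf
# Added example. Each "---" header names the file the lines below belong to.
# Both hosts run the same service (for instance a caching resolver) and
# share the service address 192.0.2.53.

# --- host A: /etc/hostname.carp0  (preferred master, advskew defaults to 0)
# "pass" is the shared secret that authenticates CARP advertisements;
# keep this file readable by root only.
inet 192.0.2.53 255.255.255.0 192.0.2.255 vhid 53 carpdev em0 pass CHANGE-ME-shared-secret

# --- host B: /etc/hostname.carp0  (backup)
# Same vhid and secret; the higher advskew makes this host advertise more
# slowly, so it stays backup while host A is healthy.
inet 192.0.2.53 255.255.255.0 192.0.2.255 vhid 53 carpdev em0 advskew 100 pass CHANGE-ME-shared-secret

# --- both hosts: /etc/sysctl.conf
# Let the host with the lower advskew reclaim the address after it recovers.
net.inet.carp.preempt=1

# --- both hosts: /etc/pf.conf
# CARP advertisements are their own IP protocol. If PF drops them on the
# physical interface, each host hears no peer and both become master.
pass on em0 proto carp
```

The service must listen on 192.0.2.53 on both hosts. CARP only moves the address between them; it does not replicate any application data.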
  #6   (View Single Post)  
Old 12th September 2009
revzalot's Avatar
revzalot revzalot is offline
Shell Scout
 
Join Date: May 2008
Posts: 123
Default

Excellent post Ocicat! Thanks buddy I'll check it out.
Reply With Quote
  #7   (View Single Post)  
Old 13th September 2009
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,125
Default

Are you aware of relayd?

The EXAMPLE section of the relayd.conf man page has an example of load balancing 4 web servers.

I haven't had the chance to play with it yet, though.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #8   (View Single Post)  
Old 13th September 2009
revzalot's Avatar
revzalot revzalot is offline
Shell Scout
 
Join Date: May 2008
Posts: 123
Default

Whoa! This could be the one I've been looking for. Feels like Xmas.
Reply With Quote
  #9   (View Single Post)  
Old 14th September 2009
gamemaniac gamemaniac is offline
Port Guard
 
Join Date: Aug 2009
Posts: 15
Default

So, jggimi, is it recommended to use a single IP address for two or more than two websites that you own?
Reply With Quote
Old 14th September 2009
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

Your question is both a little off-topic, gamemaniac, and is unanswerable directly, as the answer is both "yes" and "no". So I'll try some indirect level-setting: Depending on the architecture of your application(s), and the infrastructure required to support them, a single IP address for multiple systems may or may not be required or desired.

In the simplest of network scenarios you may be familiar with, a simple NAT router can have a large network behind it, all sharing the same external IP address.

In a simple "web site hosting" service, most service providers commonly place hundreds or even thousands of small websites on the same server or set of servers. Each may have its own DNS name, but all share the same IP address(es).

For the most complex of global web applications, there might be multiple IP addresses sharing the same DNS name. Common examples are the big portal firms such as Google or Yahoo, but also large corporations with a global presence may do this as well. For example, IBM and Citibank do this. The dig(1) utility can show you this type of detailed DNS information.
Reply With Quote
Old 17th September 2009
gamemaniac gamemaniac is offline
Port Guard
 
Join Date: Aug 2009
Posts: 15
Default

Thanks jggimi for such a descriptive explanation to my question.
Reply With Quote