CARP provides the ability for multiple systems to share a single IP address, for high availability (HA) requirements where a single IP address must be used. That's all it does. It is perfect for discrete transactions, such as packet routing. Applications that must share information between servers are not a good fit for CARP alone. The example I would point to is PF; in order to share state table information between routers, the pfsync(4) driver had to be developed.
On the other hand, there are any number of applications that are conducive to "server farm" operations. These are typically multi-tier environments, such as a farm of webservers driving application servers with back end data servers. And these sorts of applications use load balancers to support a pool of webservers, and the web servers will drive a pool of application servers, and then the database servers might be in HA configurations for additional redundancy. None of these share the same IP address within the farm, so CARP would be unnecessary. PF can be a load balancer, by the way. See the "Address Pools and Load Balancing" chapter of the PF User's Guide.
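
A minimal sketch of the CARP plus pfsync pairing mentioned in the post above, added here as an example and not part of the original post. The interface names (em0, em1), the 192.0.2.1 documentation address, the vhid and the password are all placeholders.

```conf
# /etc/hostname.carp0 on the primary firewall
# The shared address lives on carp0; "pass" keys the authentication of
# CARP advertisements, so it must match on every member of vhid 1.
inet 192.0.2.1 255.255.255.0 192.0.2.255 vhid 1 carpdev em0 pass CHANGE-ME advskew 0

# /etc/hostname.carp0 on the backup firewall
# Same line with a higher advskew, so this host only takes over when
# the primary stops advertising.
inet 192.0.2.1 255.255.255.0 192.0.2.255 vhid 1 carpdev em0 pass CHANGE-ME advskew 100

# /etc/hostname.pfsync0 on both firewalls
# pfsync carries PF state table updates with no authentication or
# encryption of its own, so bind it to a dedicated link (em1 here).
up syncdev em1

# /etc/pf.conf additions on both firewalls
# Allow the two protocols, and do not sync the states they create.
pass quick on em1 proto pfsync keep state (no-sync)
pass on em0 proto carp keep state (no-sync)
```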
|
||||
Here's a graphic from one of Bob Beck's (beck@) presentations on spamd(8). This one shows nine different servers involved with e-mail processing at the University of Alberta in 2006. Note that the bastion routers are running CARP and acting as round-robin load balancers.
http://www.ualberta.ca/~beck/nycbug06/spamd/mgp00019.html
|
||||
Wow, nice setup, and I'm going to attempt to follow that example with minor tweaks. On the firewall side, I'm satisfied with CARP/PFsync.
The beauty of OBSD is that apache and bind are chrooted by default! I've already set up an OBAMP and a virtual mail server using postfix, mysql, etc. I'm going to set up another server and clone it. Both servers will have two NICs each - one serving to the public and the other hooked via crossover cable for syncing with rsync. I guess rsync/cron will provide the clustering. But one server will be the master DNS server while the other will be secondary/slave and will be set up for DNS round robin. My question now is: is rsync adequate for clustering/heartbeat, or does OBSD have something better? I've taken a look at Linux-HA but that's another steep learning curve. With rsync I can tell cron to rsync every 5 minutes?? How would I use rsync properly for clustering?
Last edited by revzalot; 12th September 2009 at 01:27 AM.
|
|||
Quote:
As a technology useful to implement redundancy, it is more common to set up the same functionality on each CARP server such that service is always available from somewhere. Instead of using CARP to connect a DNS master to its slave (which by definition isn't a model of true redundancy, but rather a limited backup...), CARP is better used to connect two servers which both act as masters or both act as slaves.
In fact, this is the model proposed by ai-danno (who visits this forum from time to time...) several versions ago for OpenBSD 4.2: http://openbsd-wiki.org/index.php?ti...nt_caching-DNS
However, be forewarned that the information is dated. Such articles bordering on how-to's do not absolve readers from doing their homework. Study the manpages.
|
|||
Are you aware of relayd?
The EXAMPLE section of the relayd.conf man page has an example of load balancing 4 web servers. I haven't got the chance to play with it yet though.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
|
|||
So, jggimi, is it recommended to use a single IP address for two or more than two websites that you own?
|
|
||||
Your question is both a little off-topic, gamemaniac, and is unanswerable directly, as the answer is both "yes" and "no". So I'll try some indirect level-setting: Depending on the architecture of your application(s), and the infrastructure required to support them, a single IP address for multiple systems may or may not be required or desired.
In the simplest of network scenarios you may be familiar with, a simple NAT router can have a large network behind it, all sharing the same external IP address.
|
|||
Thanks jggimi for such a descriptive explanation to my question.