From: Aristedes Maniatis
Date: Thu, 10 Jul 2014 23:52:31 +1000
To: "stable >> freebsd-stable"
Subject: load balancer best practices
Message-ID: <53BE9A9F.4090700@ish.com.au>
List-Id: Production branch of FreeBSD source code

With the changes in CARP as part of FreeBSD 10 I have some questions about the best way to do some things.

1. On a load balancer (haproxy) we might have the machine handling 100 or 5000 IP addresses. It would be simplest to just define a /24 (or more) range on the external interface (or in CARP) but then I cannot bind to each address. Linux has something like net.ipv4.ip_nonlocal_bind. There appears to be nothing similar for FreeBSD. Do I need to define a /32 and alias each address?

   a. Is there a cleaner way?
   b. Will that cause performance issues if I create many hundreds of /32 aliases on the interface?

2. If I need to define a large number of aliases in CARP I'll quickly run out of vhids which I understand to go up to 256. What is the real meaning of vhid in a CARP definition? Can they be shared by different IP addresses on the load balancer pair? That is, can they all be labelled "vhid=1" or is CARP limited to 256 IP addresses, each of which has to be a /32 (see above)? All the examples in the FreeBSD manual use a different vhid for each IP address but don't explain why.

   a. If two addresses (aliases) share the same vhid, will that mean they fail over together always? (That might be a good thing for me).
   b. Will it reduce "are you alive?" network traffic between the CARP cluster to have one vhid?
   c. Will bad things happen if I share vhids?

Thanks
Ari

--
-------------------------->
Aristedes Maniatis
ish
http://www.ish.com.au
Level 1, 30 Wilson Street Newtown 2042 Australia
phone +61 2 9550 5001 fax +61 2 9550 4001
GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A