From owner-freebsd-stable@FreeBSD.ORG Thu Jul 17 07:46:27 2014 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 7EAF7F1 for ; Thu, 17 Jul 2014 07:46:27 +0000 (UTC) Received: from ipmail07.adl2.internode.on.net (ipmail07.adl2.internode.on.net [150.101.137.131]) by mx1.freebsd.org (Postfix) with ESMTP id 0521128C0 for ; Thu, 17 Jul 2014 07:46:26 +0000 (UTC) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AhUGAPx8x1M7p/kP/2dsb2JhbABZg2BXgniqBgaWKQqGb1MBgR12hAMBAQEDAQEBASAEJxcJCgEOAgsYAgIFFgsCAgkDAgECAQkMAQkmBggFAQEEAQEBARkEiBkHDrImlzkXBIEohE+IeAcBAU8HgneBTAWYMYQ4kmCDVloHfAkX Received: from eth4368.nsw.adsl.internode.on.net (HELO fish.ish.com.au) ([59.167.249.15]) by ipmail07.adl2.internode.on.net with ESMTP; 17 Jul 2014 17:11:01 +0930 Received: from ip-136.ish.com.au ([203.29.62.136]:52077) by fish.ish.com.au with esmtpsa (UNKNOWN:AES128-SHA:128) (Exim 4.76) (envelope-from ) id 1X7gJ4-0006x4-1r; Thu, 17 Jul 2014 17:40:47 +1000 Message-ID: <53C77E00.1030609@ish.com.au> Date: Thu, 17 Jul 2014 17:40:48 +1000 From: Aristedes Maniatis User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Thunderbird/31.0 MIME-Version: 1.0 To: Adrian Chadd Subject: Re: load balancer best practices References: <53BE9A9F.4090700@ish.com.au> In-Reply-To: X-Enigmail-Version: 1.6 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Cc: "stable >> freebsd-stable" X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Jul 2014 07:46:27 -0000 Thanks for this. However unlike Linux where it is a system property, it looks like this option needs to be invoked inside each userland application. So without changing code for each app I care about, it looks like I'm creating lots of /32 CARP addresses. Can someone shed more light on what vhid represents? What happens when two addresses share the same vhid on the same (or different) interfaces? Why do the examples in the FreeBSD handbook always show different vhids? Ari On 11/07/2014 3:26am, Adrian Chadd wrote: > yeah, you can search for IP_BINDANY. It's a socket option. > > > -a > > > On 10 July 2014 06:52, Aristedes Maniatis wrote: >> With the changes in CARP as part of FreeBSD 10 I have some questions about the best way to do some things. >> >> >> 1. On a load balancer (haproxy) we might have the machine handling 100 or 5000 IP addresses. It would be simplest to just define a /24 (or more) range on the external interface (or in CARP) but then I cannot bind to each address. >> >> Linux has something like net.ipv4.ip_nonlocal_bind. There appears to be nothing similar for FreeBSD. Do I need to define a /32 and alias each address? >> >> a. is there a cleaner way? >> b. will that cause performance issues if I create many hundreds of /32 aliases on the interface? >> >> >> >> 2. If I need to define a large number of aliases in CARP I'll quickly run out of vhids which I understand to go up to 256. What is the real meaning of vhid in a CARP definition? Can they be shared by different IP addresses on the load balancer pair? That is, can they all be labelled "vhid=1" or is CARP limited to 256 IP addresses, each of which has to be a /32 (see above). >> >> All the examples in the FreeBSD manual use a different vhid for each IP address but doesn't explain why. >> >> a. If two addresses (aliases) share the same vhid, will that mean they fail over together always? (That might be a good thing for me). >> b. Will it reduce "are you alive?" network traffic between the CARP cluster to have one vhid? >> c. Will bad things happen if I share vhids? >> >> >> Thanks >> Ari >> >> >> -- >> --------------------------> >> Aristedes Maniatis >> ish >> http://www.ish.com.au >> Level 1, 30 Wilson Street Newtown 2042 Australia >> phone +61 2 9550 5001 fax +61 2 9550 4001 >> GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A >> _______________________________________________ >> freebsd-stable@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-stable >> To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" -- --------------------------> Aristedes Maniatis ish http://www.ish.com.au Level 1, 30 Wilson Street Newtown 2042 Australia phone +61 2 9550 5001 fax +61 2 9550 4001 GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A