From owner-freebsd-net@FreeBSD.ORG Mon Mar 26 20:14:23 2007 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id C7C6316A400 for ; Mon, 26 Mar 2007 20:14:23 +0000 (UTC) (envelope-from Ross.Draper@gcapmedia.com) Received: from cluster-b.mailcontrol.com (cluster-b.mailcontrol.com [217.68.146.190]) by mx1.freebsd.org (Postfix) with ESMTP id 47C6813C4E5 for ; Mon, 26 Mar 2007 20:14:23 +0000 (UTC) (envelope-from Ross.Draper@gcapmedia.com) Received: from lqm4.gcapmedia.com (no-dns-yet.demon.co.uk [194.70.58.205] (may be forged)) by rly02b.srv.mailcontrol.com (MailControl) with ESMTP id l2QJOLVA032097 for ; Mon, 26 Mar 2007 20:25:50 +0100 Received: from LQEVS1.gcapmedia.com ([10.73.2.12]) by lqm4.gcapmedia.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 26 Mar 2007 20:24:51 +0100 X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Mon, 26 Mar 2007 20:24:48 +0100 Message-ID: <3DDDCC38D00FA545A6C012475EF2DC0302AF85DF@LQEVS1.gcapmedia.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Vrrp/CARP/ucarp Problems Thread-Index: Acdv3GtVHpShS0fORi+7ONcFQCvhgg== From: "Ross Draper" To: X-OriginalArrivalTime: 26 Mar 2007 19:24:51.0507 (UTC) FILETIME=[6CF8A030:01C76FDC] X-Scanned-By: MailControl A-07-06-90 (www.mailcontrol.com) on 10.66.0.112 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Vrrp/CARP/ucarp Problems X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Mar 2007 20:14:23 -0000 Hi All =20 I was wondering if I could get some advice from those of you who have successfully implemented ip address failover systems such as carp and freevrrpd. =20 I am trying to set up a high availability web loadbalancer using a pair of freebsd 6.2 boxes. I have tried a number of ways to perform failover but always seem to be hitting a problem. =20 UCARP Pro's:This would be my ideal solution as the startup/shutdown scripts enable me to stop and start my applications and add aliases to adaptors easily. Cons: When the backup box is rebooted it always comes up advertising itself as the master then after a few seconds reverts to backup, although I was under the impression it was supposed to wait and listen for advertisements(it doesnt seem to). The backup boxes initial gratuitous arp as a master is sufficient to poison any traffic from the local router to the shared ip address. Only solution was to use arp-sk to send gratuitous arps every few secs, however, arp-sk was a bit flakey and it was a bodge. =20 CARP Pro's: stable and built into the kernel. Could enable acive/active arp load sharing at a later point. Cons: There is a Freebsd bug (I've seen it discussed on the lists) where the creation and destroyal of a carp interface causes a kernel panic. Also, there is no support for start/stop scripts. =20 Freevrrpd Pros: Mac address changing removes some of the arp timeout issues/gratuitous arp problems and it supports start/stop scripts Cons: I'm finding that upon rebooting the backup unit it correctly starts as a backup, then three seconds later syslogs that it is the master and changes its mac address accordingly. although a sniff of the network traffic indicates it is sending the right advertisements(lower priority), it never goes into backup mode again. =20 So, what am I doing wrong? Are these common problems, or something that appears specific to my hosts/switches? are there more suitable options? The loadbalancers are all single homed and I have tried a mixture of xl, bge and fxp cards.=20=20 =20 Any help/suggestions much appreciated, also, any links to a perl based gratuitous arp util would be great! =20 Many thanks Ross=20 PS - Apologies if you see multiple copies of this message, I seem to be having trouble getting mails onto the list. All correspondence, attachments and agreements remain strictly subject to f= ully executed contract. (c) GCap Media plc 2006. All rights remain reserved= . This e-mail (and any attachments) contains information which may be confi= dential, subject to intellectual property protection and may be legally pri= vileged and protected from disclosure and unauthorised use. It is intended = solely for the use of the individual(s) or entity to whom it is addressed a= nd others specifically authorised to receive it. If you are not the intende= d recipient of this e-mail or any parts of it please telephone 020 7054 800= 0 immediately upon receipt. No other person is authorised to copy, adapt, f= orward, disclose, distribute or retain this e-mail in any form without prio= r specific permission in writing from an authorised representative of GCap = Media plc. We will not accept liability for any claims arising as a result = of the use of the internet to transmit information by or to GCap Media plc. GCap Media plc. Registered address: 30 Leicester Square, London WC2H 7LA. = Registered in England & Wales with No. 923454