Date: Thu, 13 Dec 2012 15:31:13 +0100 From: Joar Jegleim <joar.jegleim@gmail.com> To: =?UTF-8?Q?Samuel_Mart=C3=ADn_Moro?= <faust64@gmail.com> Cc: questions@freebsd.org Subject: Re: regarding carp and nginx Message-ID: <CAFfb-hox=1U%2BMFkTzKWwT32jkkTgpeZGdNpejX6icKR-UvZoVg@mail.gmail.com> In-Reply-To: <CACuvv5HnwoAKzWN7QDVyhK_5CQEYNQL1RhOfH-W95ZTUkN4F0Q@mail.gmail.com> References: <CAFfb-hoHHdbKM1rpxTDMM69d5yBDKyB7eyY-aooTJr7-GXx6wA@mail.gmail.com> <CACuvv5HnwoAKzWN7QDVyhK_5CQEYNQL1RhOfH-W95ZTUkN4F0Q@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, thnx for your fast reply . Got no ssl sessions . There's no error code, I'm simply getting a 'Unable to connect' , as if the server isn't there ... I'm not expecting the active node to 'go down that often' :p if normal behaviour would be some seconds until the passive node takes over I could live with that, but if I've configured something wrong or missing some important part I need to make the failover seamless I have to make this right :p --=20 ---------------------- Joar Jegleim Homepage: http://cosmicb.no Linkedin: http://no.linkedin.com/in/joarjegleim fb: http://www.facebook.com/joar.jegleim AKA: CosmicB @Freenode ---------------------- On 13 December 2012 13:36, Samuel Mart=C3=ADn Moro <faust64@gmail.com> wrot= e: > > > On Thu, Dec 13, 2012 at 1:19 PM, Joar Jegleim <joar.jegleim@gmail.com> > wrote: >> >> Hi ! >> >> I'm in the process of setting up a HA nginx proxy using carp in >> FreeBSD 9.0-RELEASE . >> I've got a active/passive setup where both nodes are running an nginx >> server listening to carp0 . >> >> If I issue: ifconfig carp0 down on the active node, the passive node >> takes over immediately . >> But when I for instance issue a simple reboot from the master node, >> then try accessing any web page through the proxy I'm getting a >> connection error for 3-5 seconds . >> It's kinda strange because if I ping the carp0 ip from my workstation >> when reboot'ing the master I don't see this kind of drop in connection >> (that is the passive node immediatly becomes master and reply my ping) >> >> I've tried having nginx listen to all available interfaces, same result. >> I've tried writing a simple devd.conf rule such as: >> notify 0 { >> match "system" "IFNET"; >> match "type" "LINK_UP"; >> match "subsystem" "carp*"; >> action "/root/bin/carpcontrol.sh $type $subsystem"; >> }; >> >> notify 0 { >> match "system" "IFNET"; >> match "type" "LINK_DOWN"; >> match "subsystem" "carp*"; >> action "/root/bin/carpcontrol.sh $type $subsystem"; >> }; >> >> where carpcontrol.sh got: >> #!/bin/sh >> >> type=3D$1 >> subsystem=3D$2 >> >> echo "$(date) called with type=3D$type and subsystem=3D$subsystem" >> >> /var/log/carp/carp.log >> /usr/local/etc/rc.d/nginx restart >> /var/log/kit/carp.log >> 2>>/var/log/carp/carp.log >> >> >> which doesn't help, I still get 3-5 seconds drop in connection if I >> reboot the master node . >> I've also tried to just cut the power for the master node, still >> getting those 3-5 seconds drop . >> >> I've set the following in sysctl.conf >> #Accept incoming CARP packets. Enabled by default. >> net.inet.carp.allow=3D1 >> #This option downs all of the CARP interfaces on the host when one of >> them goes down. Disabled by default >> net.inet.carp.preempt=3D1 >> #A value of 0 disables any logging. A Value of 1 enables logging of >> bad CARP packets. Values greater than 1 enables logging of state >> changes for the CARP interfaces. The default value is 1. >> net.inet.carp.log=3D2 >> >> >> >> -- >> ---------------------- >> Joar Jegleim >> Homepage: http://cosmicb.no >> Linkedin: http://no.linkedin.com/in/joarjegleim >> fb: http://www.facebook.com/joar.jegleim >> AKA: CosmicB @Freenode >> >> ---------------------- >> _______________________________________________ >> freebsd-questions@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >> To unsubscribe, send any mail to >> "freebsd-questions-unsubscribe@freebsd.org" > > > > Hi, > > What error code are you encountering? > > CARP would only deal with sharing your virtual IP. > First, you could check about pfsync, which would sync PF states through y= our > CARP cluster. > > Then, are you sure there is no session handling/cookies stuff on your ngi= nx > proxies? > Or even: using SSL? Could this be related to your SSL handshake not being > shared? > Keep in mind CARP runs on OSI layer 2&3. It won't be sufficient dealing w= ith > applicative aspects of redundancy. > > Also, while playing with devd may fits your requirements, I assume you > have'nt heard of ifstated? > Being used to OpenBSD CARPs, I'm always using ifstated to ensure proper > balance. > It seems ifstated is in FreeBSD ports tree: give it a shot! > > > Regards. > -- > Samuel Mart=C3=ADn Moro > {EPITECH.} 2011 > SMILE - Open Source Solutions > > "Nobody wants to say how this works. > Maybe nobody knows ..." > Xorg.conf(5)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAFfb-hox=1U%2BMFkTzKWwT32jkkTgpeZGdNpejX6icKR-UvZoVg>