[prev in list] [next in list] [prev in thread] [next in thread]
List: netfilter
Subject: RE: Choices for virtual IP failover (was Re: Firewall in
From: Thomas Jacob <jacob () internet24 ! de>
Date: 2009-05-25 17:47:11
Message-ID: 1243273631.13703.7.camel () enterprise ! ims-firmen ! de
[Download RAW message or body]
On Mon, 2009-05-25 at 17:39 +0100, John Bourke wrote:
> Thomas,
>
> This is what I get for reading everything BUT the man page !
>
> Found the preempt, but the checks seem to refer to the health checks of real
> servers
>
> # one entry for each realserver
> real_server <IPADDR> <PORT>
> {
> ...
> # Script to launch when healthchecker
> # considers service as up.
> notify_up <STRING>|<QUOTED-STRING>
> # Script to launch when healthchecker
> # considers service as down.
> notify_down <STRING>|<QUOTED-STRING>
>
> # pick one healthchecker
> # HTTP_GET|SSL_GET|TCP_CHECK|SMTP_CHECK|MISC_CHECK
>
> I don't think this can trigger a keepalived VRRp failover if a real server
> fails ??? (not that our scenario uses external real servers)
You really need the bleeding edge for the scripting checks:
http://www.keepalived.org/software/keepalived-1.1.17.tar.gz
cat doc/samples/keepalived.conf.vrrp.localcheck
! Configuration File for keepalived
vrrp_script chk_sshd {
script "killall -0 sshd" # cheaper than pidof
interval 2 # check every 2 seconds
weight -4 # default prio: -4 if KO
}
[...]
vrrp_instance VI_1 {
interface eth0
state MASTER
virtual_router_id 51
priority 100
virtual_ipaddress {
192.168.200.18/25
}
track_interface {
eth1 weight 2 # prio = +2 if UP
eth2 weight -2 # prio = -2 if DOWN
eth3 # no weight, fault if down
}
track_script {
chk_sshd # use default weight from the script
chk_haproxy weight 2 # +2 if process is present
chk_http_port
chk_https_port
chk_smtp_port
}
}
[..]
> Thanks
>
> John
>
>
> -----Original Message-----
> From: Thomas Jacob [mailto:jacob@internet24.de]
> Sent: 25 May 2009 15:31
> To: John Bourke
> Cc: 'Eduardo Sachs'; netfilter@vger.kernel.org
> Subject: RE: Choices for virtual IP failover (was Re: Firewall in Load
> Balance - Active/Active)
>
> On Mon, 2009-05-25 at 15:26 +0100, John Bourke wrote:
> > Folks,
> >
> > Keepalived does not seem to have a mechanism to failover on the failure of
> a
> > process on the system. It has a load balancer which can select where
> > traffic is sent to based on a HTTP check or a script return code. But
> that
> > is for server selection in load balancing.
>
> It does in the latest versions, you can now add periodically run check
> scripts that can be used to determine a FAULT state.
>
> > One thing you really need to consider is flip flopping. If you have Node
> A
> > which is master, and when it goes down, Node B becomes master, the when
> node
> > A comes up again it will become master. A mechanism to "stick to the node
> > last used" would be better so that a master with an intermittent failure
> > does not cause flip flops.
>
> You can do that with keepalived as well, check out the preemption
> control parameters (noprempt etc.)
>
> > Thanks
> >
> > John
>
>
>
>
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic