Just an idea, but you might consider giving a private IP to the phydev and
using the NRPE plugin for Nagios, so you'll be able to ping them from the inside
and report everything to your external Nagios monitor.

Alex

On Fri, Jan 13, 2012 at 5:12 AM, PP;QQ P(P8P?P8QP8P=
<chipits...@gmail.com> wrote:

> sounds nice.
>
> I came to somewhat similar. Just ssh to external address and ping both carp
> peers (via internal addresses), if there're less than 2 answers, we are in
> trouble.
>
> your idea is also good.
>
> 2012/1/13 Nick Holland <n...@holland-consulting.net>
>
> > ok, let's try this idea...
> >
> > Your systems have ONE external address, but they can have as many
> > internal addresses as desired, right?
> >
> > SO...let's say you have two CARP'd firewalls, FW1 and FW2.  They share
> > external address of x.x.x.x.
> >
> >                  FW1:       FW2:
> > External        x.x.x.x    x.x.x.x   (same)
> > Internal real   10.0.0.2   10.0.0.3
> > internal CARP   10.0.0.1   10.0.0.1  (same)
> >
> > port 22 gets you ssh on the active firewall...but which is that?
> >
> > How about a PF ruleset that redirects port 2202 to 10.0.0.2 port 22 and
> > port 2203 to 10.0.0.3?  Now you can find out anything you wish about
> > either box ON DEMAND by selecting the port you ssh to?  If 2202 doesn't
> > answer, you've lost fw1, if 2203 doesn't answer, you have lost fw2
> >
> > In addition to checking to see that the box is up, it's good to check
> > for a sane CARP status -- i.e., all "MASTER" on one box, "SLAVE" on the
> > other, plus other overall health issues.
> >
> > Nick.
> >
> > On 01/12/12 13:48, iLXQ {IPICIN wrote:
> > > well, it's usually not possible.
> > > we use OpenBSD, because it supports "carpdev" option (FreeBSD does not
> > > support it)
> > >
> > > most of our carp clusters run on single address. no spare IP space.
> > >
> > > > we could do ssh and ping carp peer (some trouble with preemption), but we
> > > > do not want to stick with certain IP addresses. we would like to monitor
> > > > "in general"
> > >
> > > 1) define new carp cluster for monitoring
> > > > 2) ssh to it and monitor carp peer in general without specifying its
> > > > address
> > >
> > > 2012/1/13 Simon Perreault <simon.perrea...@viagenie.ca>
> > >
> > >> On 01/12/2012 01:18 PM, P P;Q Q  P(P8P?P8Q P8P= wrote:
> > >>
> > > >>> we are using nagios for monitoring and it is running on separate server.
> > > >>> we do not want to monitor server from inside.
> > > >>> we want to run something via ssh and see whether carp peer is dead or
> > > >>> not.
> > >>>
> > >>
> > > >> Give each server its unique IP address.
> > >> Use a third IP address for carp.
> > >> Monitor all three addresses.
> > >>
> > >> Simon
> > >> --
> > > >> DTN made easy, lean, and smart --> http://postellation.viagenie.ca
> > >> NAT64/DNS64 open-source        --> http://ecdysis.viagenie.ca
> > >> STUN/TURN server               --> http://numb.viagenie.ca
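
The "sane CARP status" check suggested in the thread, sketched as a Nagios-style plugin function. This is an added example, not code from any of the posters: the function names and the sample `ifconfig` text are constructed, and it assumes OpenBSD's `ifconfig` output, where the standby state is printed as `BACKUP`.

```shell
#!/bin/sh
# Added example (not from the thread): judge a CARP pair from `ifconfig` text.
# In use, the text would come from each box, e.g. over the redirected ssh
# ports proposed above (assumption): ssh -p 2202 x.x.x.x ifconfig carp

# Constructed sample output; only the "carp:" lines matter to the check.
FW1_SAMPLE='carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: MASTER carpdev em0 vhid 1 advbase 1 advskew 0
carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: MASTER carpdev em1 vhid 2 advbase 1 advskew 0'
FW2_SAMPLE='carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: BACKUP carpdev em0 vhid 1 advbase 1 advskew 100
carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: BACKUP carpdev em1 vhid 2 advbase 1 advskew 100'
# Split roles on one box: the "not sane" case (constructed).
SPLIT_SAMPLE='carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: MASTER carpdev em0 vhid 1 advbase 1 advskew 0
carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: BACKUP carpdev em1 vhid 2 advbase 1 advskew 0'

# Read ifconfig text on stdin and print the box's overall role:
# MASTER, BACKUP or INIT if every carp interface agrees, MIXED if they
# differ, NONE if no carp line was seen (box unreachable or no carp).
carp_role() {
    awk '$1 == "carp:" { if (!($2 in seen)) { seen[$2] = 1; kinds++; last = $2 } }
         END {
             if (kinds == 0)      print "NONE"
             else if (kinds == 1) print last
             else                 print "MIXED"
         }'
}

# $1, $2: ifconfig text from fw1 and fw2. Prints a Nagios status line and
# returns 0 (OK) only when one box is all MASTER and the other all BACKUP;
# anything else (two masters, split roles, INIT, missing peer) returns 2.
check_carp_pair() {
    r1=$(printf '%s\n' "$1" | carp_role)
    r2=$(printf '%s\n' "$2" | carp_role)
    case "$r1/$r2" in
        MASTER/BACKUP|BACKUP/MASTER)
            echo "OK - fw1=$r1 fw2=$r2"; return 0 ;;
        *)
            echo "CRITICAL - fw1=$r1 fw2=$r2"; return 2 ;;
    esac
}

check_carp_pair "$FW1_SAMPLE" "$FW2_SAMPLE"
```

An empty string for either argument stands in for a firewall whose ssh port did not answer, which the function reports as CRITICAL.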
