On Thu, Apr 20, 2006 at 09:41:11AM +0100, Ashley Moran wrote:
> Hi
>
> I've just been through the recent messages on this list and saw something
> similar but not exactly the same as what I was planning to implement. We've
> just got two new firewalls (now installed with OpenBSD 3.8, which will soon
> be CARPed and pfsynced) and two new webservers which we want to
> cluster.
>
> Say the webservers are named internally 10.0.0.1 and 10.0.0.2. Is it
> possible to create two CARP interfaces, say 10.0.0.3 and 10.0.0.4,
> where server 10.0.0.1 is master of CARP 10.0.0.3 and 10.0.0.2 is
> master of CARP 10.0.0.4. Then, use rdr load balancing on the firewall
> to hit the .3/.4 CARP addresses, instead of the server addresses.
>
> At first glance this looks like it would work - if either server dies the
> other will take over master of both IPs and pf will not care.
>
> My only thought is it might complicate SSL connections which are per-IP, but
> then it shouldn't be a problem to make the same SSL virtual host respond to
> the two CARP addresses (or however many more CARP pairs I need to create for
> other sites).
>
> Does this sound workable, or will I need to resort to something like Pound on
> the webservers?

It's workable. SSL is a problem, though, but you are aware of that already.

		Joachim
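
The layout discussed in this thread, written out as an added configuration sketch (not part of either message and not taken from the posters' systems). It assumes the web servers run OpenBSD with CARP available; the vhid numbers, the password, the interface name and the public address 192.0.2.10 are placeholders.

```conf
# --- both web servers: /etc/sysctl.conf ---
# Let the host with the lower advskew reclaim master when it comes back.
net.inet.carp.preempt=1

# --- web1 (10.0.0.1): /etc/hostname.carp0 ---
# Preferred master for 10.0.0.3 (lowest advskew wins the election).
inet 10.0.0.3 255.255.255.0 10.0.0.255 vhid 3 pass CHANGEME advskew 0
# --- web1 (10.0.0.1): /etc/hostname.carp1 ---
# Backup for 10.0.0.4; takes over only if web2 stops advertising.
inet 10.0.0.4 255.255.255.0 10.0.0.255 vhid 4 pass CHANGEME advskew 100

# --- web2 (10.0.0.2): /etc/hostname.carp0 ---
# Mirror image of web1: backup for 10.0.0.3 ...
inet 10.0.0.3 255.255.255.0 10.0.0.255 vhid 3 pass CHANGEME advskew 100
# --- web2 (10.0.0.2): /etc/hostname.carp1 ---
# ... and preferred master for 10.0.0.4.
inet 10.0.0.4 255.255.255.0 10.0.0.255 vhid 4 pass CHANGEME advskew 0

# --- firewalls: /etc/pf.conf (translation section) ---
ext_if   = "em0"            # placeholder interface name
ext_ip   = "192.0.2.10"     # placeholder public address
web_vips = "{ 10.0.0.3, 10.0.0.4 }"

# Spread new connections across the two CARP addresses rather than the
# servers' own addresses, so a dead server is covered by its peer.
# sticky-address keeps a given client source on the same address.
rdr on $ext_if proto tcp from any to $ext_ip port { 80, 443 } \
    -> $web_vips round-robin sticky-address
```

The vhids used on the web servers must not collide with the vhids the CARPed firewalls use on the same segment, and the CARP password should differ from the placeholder shown here.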