On Thu, Apr 20, 2006 at 09:41:11AM +0100, Ashley Moran wrote:
> Hi
>
> I've just been through the recent messages on this list and saw something
> similar but not exactly the same as what I was planning to implement. We've
> just got two new firewalls (now installed with OpenBSD 3.8, which will soon
> be CARPed and pfsynced) and two new webservers which we want to
> cluster.
>
> Say the webservers are named internally 10.0.0.1 and 10.0.0.2. Is it
> possible to create two CARP interfaces, say 10.0.0.3 and 10.0.0.4,
> where server 10.0.0.1 is master of CARP 10.0.0.3 and 10.0.0.2 is
> master of CARP 10.0.0.4. Then, use rdr load balancing on the firewall
> to hit the .3/.4 CARP addresses, instead of the server addresses.
>
> At first glance this looks like it would work - if either server dies the
> other will take over master of both IPs and pf will not care.
>
> My only thought is it might complicate SSL connections which are per-IP, but
> then it shouldn't be a problem to make the same SSL virtual host respond to
> the two CARP addresses (or however many more CARP pairs I need to create for
> other sites).
>
> Does this sound workable, or will I need to resort to something like Pound on
> the webservers?

It's workable. SSL is a problem, though, but you are aware of that
already.

Joachim
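
A configuration sketch of the layout discussed in this thread, added here as an example and not taken from either poster. Assumptions: a /24 internal network, the external interface name `em0`, the public address 192.0.2.10, the vhid numbers, and the placeholder CARP passwords.

```conf
# --- webserver 10.0.0.1: /etc/hostname.carp0 (master for 10.0.0.3) ---
inet 10.0.0.3 255.255.255.0 10.0.0.255 vhid 1 pass <secret-vhid1> advskew 0
# --- webserver 10.0.0.1: /etc/hostname.carp1 (backup for 10.0.0.4) ---
inet 10.0.0.4 255.255.255.0 10.0.0.255 vhid 2 pass <secret-vhid2> advskew 100

# --- webserver 10.0.0.2: /etc/hostname.carp0 (backup for 10.0.0.3) ---
inet 10.0.0.3 255.255.255.0 10.0.0.255 vhid 1 pass <secret-vhid1> advskew 100
# --- webserver 10.0.0.2: /etc/hostname.carp1 (master for 10.0.0.4) ---
inet 10.0.0.4 255.255.255.0 10.0.0.255 vhid 2 pass <secret-vhid2> advskew 0

# --- both webservers: /etc/sysctl.conf ---
# With preempt enabled, the host with the lower advskew reclaims its
# address after it comes back, so load is split across both again.
net.inet.carp.preempt=1

# --- firewall: /etc/pf.conf (OpenBSD 3.8 syntax) ---
ext_if   = "em0"                       # assumed interface name
ext_addr = "192.0.2.10"                # assumed public address
web_vips = "{ 10.0.0.3, 10.0.0.4 }"    # the CARP addresses, not the hosts

# Balance across the CARP addresses; pf does not need to know which
# physical server currently holds each one.
rdr on $ext_if proto tcp from any to $ext_addr port { 80, 443 } \
    -> $web_vips round-robin

# Filter rules see the translated destination, so match the CARP addresses.
pass in on $ext_if proto tcp from any to $web_vips port { 80, 443 } \
    flags S/SA keep state
```

Each web server must accept connections on both 10.0.0.3 and 10.0.0.4, since after a failure the surviving host holds both addresses.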