Over the weekend I decided to give hoststated on OpenBSD 4.1 (compiled from source) a try, and I noticed a problem when using sticky-address in a hoststated service. Let's say you have 2 hosts defined in the webhosts table:

    webhost1="10.10.10.11"
    webhost2="10.10.10.12"

    table webhosts {
        real port http
        check http "/" code 200
        host $webhost1
        host $webhost2
    }

And service www looks like this:

    service www {
        virtual host $ext_addr port http
        # tag every packet that goes thru the rdr rule with HOSTSTATED
        tag HOSTSTATED
        table webhosts
    }

Now if webhost1 dies, all requests go to webhost2 and the failover is successful. If we add sticky-address to the www service and webhost2 dies, it looks like sticky-address still sends all requests from the same client to webhost2, even if it's dead, as long as you have state in pf:

    pfctl -vvvss | grep x.x.x.x
    all tcp 10.10.10.12:443 <- 72.26.99.52:443 <- x.x.x.x:20763       TIME_WAIT:TIME_WAIT
    all tcp x.x.x.x:20763 -> 10.10.10.12:443       TIME_WAIT:TIME_WAIT

After the state times out it will actually fail over to webhost1, but if you are trying to load balance really active hosts, each time the client tries to connect to webhost2 it starts a new state and effectively resets the timeout counter.

Tautvydas
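As an added illustration of the problem described above (not code from the original post or from hoststated), the following script scans `pfctl -vvvss` output for rdr states that still map clients to a backend the health check has marked down. The dead-host list and the state lines are constructed sample data; the client addresses 192.0.2.x are placeholders.

```sh
#!/bin/sh
# Added example: find pf states that still pin clients to a dead backend.
# Assumed: the backend hoststated marked down is 10.10.10.12 (webhost2).
DEAD_HOSTS="10.10.10.12"

# Constructed sample of `pfctl -vvvss` output: the first client is still
# stuck on the dead backend, the second is on the healthy one.
SAMPLE_STATES='all tcp 10.10.10.12:443 <- 72.26.99.52:443 <- 192.0.2.10:20763       TIME_WAIT:TIME_WAIT
all tcp 192.0.2.10:20763 -> 10.10.10.12:443       TIME_WAIT:TIME_WAIT
all tcp 10.10.10.11:443 <- 72.26.99.52:443 <- 192.0.2.11:40001       ESTABLISHED:ESTABLISHED
all tcp 192.0.2.11:40001 -> 10.10.10.11:443       ESTABLISHED:ESTABLISHED'

# stale_states "<space-separated dead backends>" < pfctl-output
# Prints "client backend state" for each rdr state whose translated
# destination is a dead backend. Only the reply-direction ("<-") lines
# carry both the backend (field 3) and the original client (field 7),
# so those are the ones inspected; the extra -vvv detail lines never
# match because their fourth field is not "<-".
stale_states() {
    awk -v dead="$1" '
        BEGIN {
            n = split(dead, d, " ")
            for (i = 1; i <= n; i++) isdead[d[i]] = 1
        }
        # Layout: all tcp BACKEND:PORT <- VIRTUAL:PORT <- CLIENT:PORT  STATE
        $4 == "<-" && $6 == "<-" {
            split($3, b, ":")
            if (isdead[b[1]]) {
                split($7, c, ":")
                print c[1], b[1], $8
            }
        }'
}

# stale_count "<dead backends>": number of stale states in the sample.
stale_count() {
    printf '%s\n' "$SAMPLE_STATES" | stale_states "$1" | wc -l | tr -d ' '
}

printf '%s\n' "$SAMPLE_STATES" | stale_states "$DEAD_HOSTS"
```

On a live system replace the sample with `pfctl -vvvss | stale_states "$DEAD_HOSTS"`, taking the dead-host list from whatever marks the backend down; a non-empty result is exactly the sticky-address condition described in the post.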