Re: VIPs with haproxy

From: Willy Tarreau <w#1wt.eu>
Date: Wed, 29 Oct 2008 21:54:16 +0100


On Wed, Oct 29, 2008 at 04:04:47PM -0400, Joseph Hardeman wrote:
> Willy,
>
> I forgot to mention that all of the machines are on 1000M Full. None of
> them are set to 100M.

OK that's a good thing.

> >I had the external IP of haproxy set to the VIP interface, should it
> >be set to 0.0.0.0? It is now set to bind to the physical IP of the
> >external NIC.

OK. I thought it was bound to the native IP address and was wondering how you were accessing it. So I assume that you restart the process to change the IP it listens to. You should try to bind it to both addresses (two "bind" lines, or 0.0.0.0) in order to compare when the problem happens, if it happens only one one IP or on both.

> >I have the web server external IP's in the server section.
> >The external IP is located on eth1 and when heartbeat brings up the
> >VIP, it is placed on the same interface as eth1:0.

It's amazing to see that some tools are still using this very old deprecated method. IP aliases have been there for something like 10 years now and it looks like interface aliases are still in use. Anyway, it should not cause any trouble though.

> I do not have an
> >ifcfg-eth1:0 file setup in the /etc/sysconfig/network-scripts section
> >as heartbeat doesn't need one to setup the VIP. I can add one, with
> >the on boot set to no, so if the box is rebooted for some reason it
> >doesn't have an IP conflict with the other haproxy system.

I agree with you, you have no reason to do this.

> >We don't have iptables started on any of the these boxes and the
> >firewall in front of everything shouldn't be effecting anything as I
> >am test from another system within the same network. Even though
> >ip_conntracking.c is on the haproxy box, I don't believe that it is
> >engaged as when I go to /proc and search for ip_conn* in all of the
> >subdirectories, I don't find a file with this name.

indeed, judging from your analysis, it's not loaded and that's fine.

But it leaves us with the trouble... Another idea, would it be possible that under load, heartbeat on the other node would sometimes fail to see the master and bring the IP up from time to time ? It would clearly cause failures. You might want to try disabling heartbeat and adding the alias by hand.

Regards,
willy Received on 2008/10/29 21:54

This archive was generated by hypermail 2.2.0 : 2008/10/29 22:01 CET