LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Other *NIX Forums > *BSD
User Name
Password
*BSD This forum is for the discussion of all BSD variants.
FreeBSD, OpenBSD, NetBSD, etc.

Notices


Reply
  Search this Thread
Old 01-19-2017, 07:28 AM   #1
Ladowny
LQ Newbie
 
Registered: Oct 2006
Distribution: Debian, OpenBSD
Posts: 26

Rep: Reputation: 0
OpenDBS pf round robin and detecting unresponsive hosts


Hi

I have OpenBSD 6.0 firewall with round-robin to load balance incoming http(s) traffic to a pool of web servers on internal network. I use sticky-adress to make sure requests from the same source are always being passed to the same internal server be able to use http sessions

My firewall rules look like this. Obviusly have more than one server pool ( table )
Code:
webserver_pub="a.b.c.d.e"  # Public IP address 
table <webserverpriv> { 10.1.1.100 10.1.1.101 10.1.1.102 etc }

...

match in on egress proto tcp to $webserver_pub port { http https } rdr-to <webserverpool> round-robin sticky-address
pass in quick on egress inet proto tcp from any to <webserverpriv> port { http https }
The problem is that if one of the servers in the pool becomes unresponsive for some reason pf will still redirect requests to it.

I'm looking for a solution that would allow to remove dead servers from the table automatically and add them back when they start responding again.

I found these solutions and was wondering which would be the best to suit my needs

- relayd , but howtos I found say that it does not support "sticky-address" feature
- ifstated - this should support sticky-address, but all howtos refer to load balancing outgoing traffic

How to test if http service on remote internal host is running using ifstated ? Pinging host is not the best option as it may respond to pings even if http is down.

Which method are you using to provide high availability of your web services ?

Thanks

Greg

Last edited by Ladowny; 01-19-2017 at 09:02 AM.
 
Old 01-19-2017, 12:00 PM   #2
jggimi
Member
 
Registered: Jan 2016
Distribution: None. Just OpenBSD.
Posts: 92

Rep: Reputation: 33
Hi Greg.

Though I personally have more experience with ifstated(8), I'd probably choose relayd(8) for this, since it is designed to act as an http load balancer, automatically monitoring the server farm for availability. There are examples in relayd.conf(5) that will likely be more helpful (and more accurate) than HOWTOs you find online.

Have you ever read Peter Hansteen's Pledge of the Network Admin?
Code:
This is my network.
It is mine
or technically my employer’s,
it is my responsibility
and I care for it with all my heart
there are many other networks a lot like mine,
but none are just like it.

I solemnly swear
that I will not mindlessly paste from HOWTOs.
 
Old 04-08-2017, 05:33 PM   #3
Navalned
LQ Newbie
 
Registered: Oct 2015
Location: Texas
Distribution: OpenBSD
Posts: 1

Rep: Reputation: Disabled
You can specify a different test than just ping. Perhaps an expect script that telnets into your webserver and speaks some http and based on the response exits with whatever exit status ifstated needs to know its down. Completely untested, just a thought.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Scheduling through Round robin utkarshrawat Programming 3 05-16-2011 09:33 AM
round robin dns linuxengineer Linux - Server 1 11-16-2010 03:55 AM
round robin dns linuxengineer Linux - Networking 1 11-16-2010 03:54 AM
Verify /etc/hosts usage and round robin in /etc/hosts MikeyCarter Linux - Software 1 06-24-2008 12:20 PM
Round Robin DNS Lucsi Linux - Software 1 07-18-2002 04:17 AM

LinuxQuestions.org > Forums > Other *NIX Forums > *BSD

All times are GMT -5. The time now is 09:40 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration