The following reply was made to PR docs/186464; it has been noted by GNATS.
From: Allan Jude <free...@allanjude.com> To: bug-follo...@freebsd.org Cc: Subject: Re: docs/186464: Online-Documentation for carp(4) is outdated Date: Wed, 12 Feb 2014 18:03:38 -0500 This is a multi-part message in MIME format. --------------020801060300060708020404 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Attached is a diff to bring the carp(4) section of the handbook up to date. It pulls the conceptual stuff out into a section before the instructions, and provides separate instructions for 9.x and prior, and 10.x and later. Also adds some of the newer markup, like <systemitem class="ipaddress"> -- Allan Jude --------------020801060300060708020404 Content-Type: text/plain; charset=windows-1252; name="docs.carp_10x.diff" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="docs.carp_10x.diff" Index: advanced-networking/chapter.xml =================================================================== --- advanced-networking/chapter.xml (revision 43884) +++ advanced-networking/chapter.xml (working copy) @@ -5589,15 +5589,16 @@ </sect1> <sect1 xml:id="carp"> - <info><title>Common Address Redundancy Protocol - (<acronym>CARP</acronym>)</title> + <info> + <title>Common Address Redundancy Protocol + (<acronym>CARP</acronym>)</title> + <authorgroup> <author><personname><firstname>Tom</firstname><surname>Rhodes</surname></personname><contrib>Contributed by </contrib></author> + <author><personname><firstname>Allan</firstname><surname>Jude</surname></personname><contrib>Updated by </contrib></author> </authorgroup> </info> - - <indexterm> <primary><acronym>CARP</acronym></primary> </indexterm> @@ -5607,135 +5608,280 @@ <para>The Common Address Redundancy Protocol (<acronym>CARP</acronym>) allows multiple hosts to share the - same <acronym>IP</acronym> address. In some configurations, - this may be used for availability or load balancing. Hosts - may use separate <acronym>IP</acronym> addresses, as in the - example provided here.</para> + same <acronym>IP</acronym> address(es) and can be used to + achieve high availability. Hosts should also have a unique + <acronym>IP</acronym> address for management and configuration, + as in the example provided here.</para> - <para>To enable support for <acronym>CARP</acronym>, the &os; - kernel can be rebuilt as described in <xref linkend="kernelconfig"/> with the following option:</para> + <sect2 xml:id="carp-ha"> + <title>Using <acronym>CARP</acronym> for High + Availability</title> - <programlisting>device carp</programlisting> + <para>One use of <acronym>CARP</acronym> is to provide server + high availability for one or more services. This example + configures failover support for three hosts, all with + unique <acronym>IP</acronym> addresses and providing the same + web content. These machines are load balanced with a Round + Robin <acronym>DNS</acronym> configuration. The master and + backup machines should be configured identically other than + their hostnames and management <acronym>IP</acronym> + addresses. These servers need to run the same services, such + as the web server, with the same configuration so that when + the failover happens, requests to that service will be + answered correctly and with the same content. The failover + machine has two additional <acronym>CARP</acronym> interfaces, + one for each of the master content server's + <acronym>IP</acronym> addresses. When a failure occurs, the + failover server will pick up the failed machine's + <acronym>IP</acronym> address. This means that the failure + should go completely unnoticed by the user. This example has + two different masters named + <systemitem>hosta.example.org</systemitem> and + <systemitem>hostb.example.org</systemitem> respectively, with + a shared slave named + <systemitem>hostc.example.org</systemitem>.</para> - <para>Alternatively, the <filename>if_carp.ko</filename> module - can be loaded at boot time. Add the following line to - <filename>/boot/loader.conf</filename>:</para> + <para>Each virtual address has a unique + identification number known as a Virtual Host IDentification + (<acronym>VHID</acronym>) which is used to distinguish the + virtual address across the various failover machines that + share the address on the network.</para> - <programlisting>if_carp_load="YES"</programlisting> + </sect2> - <para><acronym>CARP</acronym> functionality should now be - available and may be tuned via several &man.sysctl.8; - variables:</para> + <sect2 xml:id="carp-10x"> + <title>Using <acronym>CARP</acronym> on &os; 10 and + Later</title> - <informaltable frame="none" pgwide="1"> - <tgroup cols="2"> - <thead> - <row> - <entry>OID</entry> - <entry>Description</entry> - </row> - </thead> + <para>To enable support for <acronym>CARP</acronym>, load the + <filename>carp.ko</filename> kernel module by adding the + following line to + <filename>/boot/loader.conf</filename>:</para> - <tbody> - <row> - <entry><varname>net.inet.carp.allow</varname></entry> - <entry>Accept incoming <acronym>CARP</acronym> packets. - Enabled by default.</entry> - </row> + <programlisting>carp_load="YES"</programlisting> - <row> - <entry><varname>net.inet.carp.preempt</varname></entry> - <entry>This option downs all of the - <acronym>CARP</acronym> interfaces on the host when one - goes down. Disabled by default.</entry> - </row> + <para>Alternatively, the &os; kernel can be rebuilt as + described in <xref linkend="kernelconfig"/> with the following + option:</para> - <row> - <entry><varname>net.inet.carp.log</varname></entry> - <entry>A value of <literal>0</literal> disables any - logging. A value of <literal>1</literal> enables - logging of bad <acronym>CARP</acronym> packets. Values - greater than <literal>1</literal> enable logging of - state changes for the <acronym>CARP</acronym> - interfaces. The default value is - <literal>1</literal>.</entry> - </row> + <programlisting>device carp</programlisting> - <row> - <entry><varname>net.inet.carp.arpbalance</varname></entry> - <entry>Balance local network traffic using - <acronym>ARP</acronym>. Disabled by default.</entry> - </row> + <para>Set the hostname, configure the management + <acronym>IP</acronym> address, then configure + <acronym>CARP</acronym> and the <acronym>IP</acronym> address + to be shared by adding the required lines to + <filename>/etc/rc.conf</filename>. Here are example lines for + <systemitem>hosta.example.org</systemitem>:</para> - <row> - <entry><varname>net.inet.carp.suppress_preempt</varname></entry> - <entry>A read-only variable showing the status of - preemption suppression. Preemption can be suppressed - if the link on an interface is down. A value of - <literal>0</literal> means that preemption is not - suppressed. Every problem increments this - variable.</entry> - </row> - </tbody> - </tgroup> - </informaltable> + <programlisting>hostname="hosta.example.org" +ifconfig_em0="inet <systemitem class="ipaddress">192.168.1.3</systemitem> netmask 255.255.255.0" +ifconfig_em0_alias0="vhid 1 pass testpass alias <systemitem class="ipaddress">192.168.1.50</systemitem>/32"</programlisting> - <para>The <acronym>CARP</acronym> devices themselves may be - created using &man.ifconfig.8;:</para> + <para>On <systemitem>hostb.example.org</systemitem>, use the + following lines:</para> - <screen>&prompt.root; <userinput>ifconfig carp0 create</userinput></screen> + <programlisting>hostname="hostb.example.org" +ifconfig_em0="inet <systemitem class="ipaddress">192.168.1.4</systemitem> netmask 255.255.255.0" +ifconfig_em0_alias0="vhid 2 pass testpass alias <systemitem class="ipaddress">192.168.1.51</systemitem>/32"</programlisting> - <para>In a real environment, each interface has a unique - identification number known as a Virtual Host IDentification - (<acronym>VHID</acronym>) which is used to distinguish the - host on the network.</para> + <note> + <para>It is very important that the passwords, specified by + <option>pass</option> with &man.ifconfig.8;, are + identical. The <filename>carp</filename> devices will + only listen to and accept advertisements from machines + with the correct password. The <acronym>VHID</acronym> + must also be unique for each machine.</para> + </note> - <sect2> - <title>Using <acronym>CARP</acronym> for Server - Availability</title> + <para>The third machine, + <systemitem>hostc.example.org</systemitem>, + should be prepared so that it may handle failover from either + of the previous host. This machine will be configured with + two <acronym>CARP</acronym> <acronym>VHID</acronym>s, one to + handle each host. The additional <literal>advskew</literal> + parameter controls the <acronym>CARP</acronym> advertising + skew. By making this host advertise later, it will become a + backup, rather than the master. The appropriate + <filename>/etc/rc.conf</filename> configuration lines will be + similar to the following:</para> - <para>One use of <acronym>CARP</acronym> is to provide server - availability. This example configures failover support for - three hosts, all with unique <acronym>IP</acronym> - addresses and providing the same web content. These machines - act in conjunction with a Round Robin - <acronym>DNS</acronym> configuration. The failover machine - has two additional <acronym>CARP</acronym> interfaces, one - for each of the content server's - <acronym>IP</acronym> addresses. When a - failure occurs, the failover server will pick up the failed - machine's <acronym>IP</acronym> address. - This means that the failure should go completely unnoticed - by the user. The failover server requires identical content - and services as the other content servers it is expected to - pick up load for.</para> + <programlisting>hostname="hostc.example.org" +ifconfig_em0="inet <systemitem class="ipaddress">192.168.1.5</systemitem> netmask 255.255.255.0" +ifconfig_em0_alias0="vhid 1 advskew 100 pass testpass alias <systemitem class="ipaddress">192.168.1.50</systemitem>/32" +ifconfig_em0_alias1="vhid 2 advskew 100 pass testpass alias <systemitem class="ipaddress">192.168.1.51</systemitem>/32"</programlisting> + <para>Having the two <acronym>CARP</acronym> + <acronym>VHID</acronym>s will allow + <systemitem>hostc.example.org</systemitem> to notice and + pick up the shared <acronym>IP</acronym> address of either + machine, should it become unavailable.</para> + + <note> + <para>The default &os; kernel has + preemption disabled. If it is enabled, + <systemitem>hostc.example.org</systemitem> may not + relinquish the <acronym>IP</acronym> address back to the + original master server. In this case, an administrator may + have to manually force the <acronym>IP</acronym> back to the + master. The following command should be issued on + <systemitem>hostc.example.org</systemitem>:</para> + + <screen>&prompt.root; <userinput>ifconfig em0 vhid 1 state backup</userinput></screen> + + </note> + + <para>At this point, <acronym>CARP</acronym> should be enabled + and available for testing. For testing, either networking + has to be restarted or the machines rebooted.</para> + + <para><acronym>CARP</acronym> functionality should now be + available and may be tuned via several &man.sysctl.8; + variables:</para> + + <informaltable frame="none" pgwide="1"> + <tgroup cols="2"> + <thead> + <row> + <entry>OID</entry> + <entry>Description</entry> + </row> + </thead> + + <tbody> + <row> + <entry><varname>net.inet.carp.allow</varname></entry> + <entry>Accept incoming <acronym>CARP</acronym> packets. + Enabled by default.</entry> + </row> + + <row> + <entry><varname>net.inet.carp.preempt</varname></entry> + <entry>Allow virtual hosts to preempt each other. For + firewalls and routers with multiple interfaces, it is + desirable to failover all of the addresses running + carp together, when one of the physical interfaces + goes down. This is achieved by the use of the preempt + option. When one of the physical interfaces of the + master fails, advskew is demoted to a configured value + on all its <acronym>CARP</acronym> + <acronym>VHID</acronym>s. Due to the preempt option, + the backup host would start announcing itself, and + thus preempt the master host on both interfaces + instead of just the failed one. Disabled by + default.</entry> + </row> + + <row> + <entry><varname>net.inet.carp.log</varname></entry> + <entry>Determines what events relating to carp vhids are + logged. A value of 0 disables any logging. A value + of 1 enables logging state changes of carp vhids. + Values above 1 enable logging of bad carp packets. + The default value is 1.</entry> + </row> + + <row> + <entry><varname>net.inet.carp.demotion</varname></entry> + <entry>This value shows current level of + <acronym>CARP</acronym> demotion. The value is added + to the actual advskew sent in announcements for all + <acronym>VHID</acronym>s. During normal system + operation the demotion factor is zero. However, + problematic conditions raise this level: when + <acronym>CARP</acronym> experiences a problem with + sending announcements, when an interface running a + <acronym>VHID</acronym> goes down, or while the + &man.pfsync.4; interface is not synchronized. The + demotion factor can be adjusted by writing to this + &man.sysctl.8; oid. The signed value supplied to the + &man.sysctl.8; command is added to current demotion + factor. This allows the behaviour of + <acronym>CARP</acronym> to be controlled depending on + external conditions, for example on the status of some + daemon utility.</entry> + </row> + + <row> + <entry><varname>net.inet.carp.ifdown_demotion_factor</varname></entry> + <entry>This value is added to + <varname>net.inet.carp.demotion</varname> when an + interface running a <acronym>VHID</acronym> goes down. + The default value is 240 (the maximum advskew + value).</entry> + </row> + + <row> + <entry><varname>net.inet.carp.senderr_demotion_factor</varname></entry> + <entry>This value is added to + <varname>net.inet.carp.demotion</varname> when + <acronym>CARP</acronym> experiences errors sending its + announcements. The default value is 240 (the maximum + advskew value).</entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>It is also possible to trigger other actions based on + <acronym>CARP</acronym> events using &man.devd.8;. More + information is available in &man.carp.4;.</para> + + </sect2> + + <sect2 xml:id="carp-9x"> + <title>Using <acronym>CARP</acronym> on &os; 9 and + Earlier</title> + + <para>To enable support for <acronym>CARP</acronym>, load the + <filename>if_carp.ko</filename> kernel module by adding the + following line to + <filename>/boot/loader.conf</filename>:</para> + + <programlisting>if_carp_load="YES"</programlisting> + + <para>Alternatively, the &os; kernel can be rebuilt as + described in <xref linkend="kernelconfig"/> with the following + option:</para> + + <programlisting>device carp</programlisting> + + <para>The <acronym>CARP</acronym> devices themselves may be + created using &man.ifconfig.8;:</para> + + <screen>&prompt.root; <userinput>ifconfig carp0 create</userinput></screen> + + <para>Each virtual address has a unique + identification number known as a Virtual Host IDentification + (<acronym>VHID</acronym>) which is used to distinguish the + virtual address across the various failover machines that + share the address on the network.</para> + <para>The two machines should be configured identically other - than their hostnames and <acronym>VHID</acronym>s. This - example calls these machines - <systemitem>hosta.example.org</systemitem> and - <systemitem>hostb.example.org</systemitem> respectively. First, the - required lines for a <acronym>CARP</acronym> configuration - have to be added to <filename>/etc/rc.conf</filename>. Here - are the lines for + than their hostnames, unique <acronym>IP</acronym> addresses + and <acronym>VHID</acronym>s. This example calls these + machines <systemitem>hosta.example.org</systemitem> and + <systemitem>hostb.example.org</systemitem> respectively. + First, the required lines for a <acronym>CARP</acronym> + configuration have to be added to + <filename>/etc/rc.conf</filename>. Here are example lines for <systemitem>hosta.example.org</systemitem>:</para> <programlisting>hostname="hosta.example.org" -ifconfig_fxp0="inet 192.168.1.3 netmask 255.255.255.0" +ifconfig_fxp0="inet <systemitem class="ipaddress">192.168.1.3</systemitem> netmask 255.255.255.0" cloned_interfaces="carp0" -ifconfig_carp0="vhid 1 pass testpass 192.168.1.50/24"</programlisting> +ifconfig_carp0="vhid 1 pass testpass <systemitem class="ipaddress">192.168.1.50</systemitem>/24"</programlisting> <para>On <systemitem>hostb.example.org</systemitem>, use the following lines:</para> <programlisting>hostname="hostb.example.org" -ifconfig_fxp0="inet 192.168.1.4 netmask 255.255.255.0" +ifconfig_fxp0="inet <systemitem class="ipaddress">192.168.1.4</systemitem> netmask 255.255.255.0" cloned_interfaces="carp0" -ifconfig_carp0="vhid 2 pass testpass 192.168.1.51/24"</programlisting> +ifconfig_carp0="vhid 2 pass testpass <systemitem class="ipaddress">192.168.1.51</systemitem>/24"</programlisting> <note> <para>It is very important that the passwords, specified by - the <option>pass</option> option to &man.ifconfig.8;, are + <option>pass</option> with &man.ifconfig.8;, are identical. The <filename>carp</filename> devices will only listen to and accept advertisements from machines with the correct password. The <acronym>VHID</acronym> @@ -5742,7 +5888,7 @@ must also be unique for each machine.</para> </note> - <para>The third machine, <systemitem>provider.example.org</systemitem>, + <para>The third machine, <systemitem>hostc.example.org</systemitem>, should be prepared so that it may handle failover from either host. This machine will require two <filename>carp</filename> devices, one to handle each @@ -5749,26 +5895,26 @@ host. The appropriate <filename>/etc/rc.conf</filename> configuration lines will be similar to the following:</para> - <programlisting>hostname="provider.example.org" -ifconfig_fxp0="inet 192.168.1.5 netmask 255.255.255.0" + <programlisting>hostname="hostc.example.org" +ifconfig_fxp0="inet <systemitem class="ipaddress">192.168.1.5</systemitem> netmask 255.255.255.0" cloned_interfaces="carp0 carp1" -ifconfig_carp0="vhid 1 advskew 100 pass testpass 192.168.1.50/24" -ifconfig_carp1="vhid 2 advskew 100 pass testpass 192.168.1.51/24"</programlisting> +ifconfig_carp0="vhid 1 advskew 100 pass testpass <systemitem class="ipaddress">192.168.1.50</systemitem>/24" +ifconfig_carp1="vhid 2 advskew 100 pass testpass <systemitem class="ipaddress">192.168.1.51</systemitem>/24"</programlisting> <para>Having the two <filename>carp</filename> devices will - allow <systemitem>provider.example.org</systemitem> to notice and pick + allow <systemitem>hostc.example.org</systemitem> to notice and pick up the <acronym>IP</acronym> address of either machine, should - it stop responding.</para> + it become unavailable.</para> <note> <para>The default &os; kernel <emphasis>may</emphasis> have preemption enabled. If so, - <systemitem>provider.example.org</systemitem> may not relinquish the + <systemitem>hostc.example.org</systemitem> may not relinquish the <acronym>IP</acronym> address back to the original content server. In this case, an administrator may have to manually force the <acronym>IP</acronym> back to the master. The following command should be issued on - <systemitem>provider.example.org</systemitem>:</para> + <systemitem>hostc.example.org</systemitem>:</para> <screen>&prompt.root; <userinput>ifconfig carp0 down && ifconfig carp0 up</userinput></screen> @@ -5780,6 +5926,63 @@ and available for testing. For testing, either networking has to be restarted or the machines rebooted.</para> + <para><acronym>CARP</acronym> functionality should now be + available and may be tuned via several &man.sysctl.8; + variables:</para> + + <informaltable frame="none" pgwide="1"> + <tgroup cols="2"> + <thead> + <row> + <entry>OID</entry> + <entry>Description</entry> + </row> + </thead> + + <tbody> + <row> + <entry><varname>net.inet.carp.allow</varname></entry> + <entry>Accept incoming <acronym>CARP</acronym> packets. + Enabled by default.</entry> + </row> + + <row> + <entry><varname>net.inet.carp.preempt</varname></entry> + <entry>This option downs all of the + <acronym>CARP</acronym> interfaces on the host when one + goes down. Disabled by default.</entry> + </row> + + <row> + <entry><varname>net.inet.carp.log</varname></entry> + <entry>A value of <literal>0</literal> disables any + logging. A value of <literal>1</literal> enables + logging of bad <acronym>CARP</acronym> packets. Values + greater than <literal>1</literal> enable logging of + state changes for the <acronym>CARP</acronym> + interfaces. The default value is + <literal>1</literal>.</entry> + </row> + + <row> + <entry><varname>net.inet.carp.arpbalance</varname></entry> + <entry>Balance local network traffic using + <acronym>ARP</acronym>. Disabled by default.</entry> + </row> + + <row> + <entry><varname>net.inet.carp.suppress_preempt</varname></entry> + <entry>A read-only variable showing the status of + preemption suppression. Preemption can be suppressed + if the link on an interface is down. A value of + <literal>0</literal> means that preemption is not + suppressed. Every problem increments this + variable.</entry> + </row> + </tbody> + </tgroup> + </informaltable> + <para>More information is available in &man.carp.4;.</para> </sect2> </sect1> --------------020801060300060708020404-- _______________________________________________ freebsd-doc@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-doc To unsubscribe, send any mail to "freebsd-doc-unsubscr...@freebsd.org"