Hi,

On Thu, Jul 22, 2010 at 12:51:23PM -0400, Aaron Weeden wrote:
> My box is running FreeBSD version 8.1-PRERELEASE. I've created two
> jails and want them to be able to share an IP address via CARP. As I
> understand it, each host must use the same VHID and IP address on its
> carp interface in order to work as a failover for the other hosts.
> I'm also under the impression that jails cannot create interfaces, as
> my attempt to run 'ifconfig carp0 create' within a jail returned the
> error 'ifconfig: SIOCIFCREATE2: Operation not permitted'. I'm
> wondering, then, if it's possible to use CARP for two jails on one
> host, since attempting to create two carp interfaces with the same
> vhid on the parent produces the error 'ifconfig: SIOCSVH: File
> exists'. Does anyone here have experience running CARP in jails?

The CARP protocol involves multicast hello packets among the master and backup nodes. Each CARP interface must also be capable of responding to ARP requests if it is operating in MASTER mode.

With traditional jails, traffic between jails on the same host is sent over the loopback interface, which does not support multicasting, so these jails would not be able to see each other's hello packets.

Since FreeBSD 8, jails support virtual networking (a.k.a. vimage). It looks like it should be possible to do CARP between jails using vnet instances. You'd need to do some network plumbing to get a virtual bus topology network between the jails (ng_ether probably) but I have not yet tried this myself. Also, beware that virtual networking is still not production quality as far as I know and rc.d/jail doesn't know how to set it up (yet).

OTOH, is CARP the right solution for your problem? If you succeed in building the setup using vnet, CARP would only fail over if CARP of the master jail stops sending hello packets. This would normally only occur when the master jail and vnet instance are torn down completely (or the CARP interface in the master jail destroyed). It would not kick in if the application inside the master jail stops responding.

If you just want to simulate a multi-host network instead of doing application fail-over then vnet is your best bet.

> Thank you,
> Aaron Weeden

HTH

Paul Schenkeveld
_______________________________________________
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"