On Friday 21 April 2006 12:18, Stuart Henderson wrote:
> On 2006/04/21 12:08, Ashley Moran wrote:
> > I think rdr/source-hash avoids the need to use CARP on the web servers,
>
> Failover should be quicker if you CARP on the web servers. Otherwise
> you have to wait until the monitoring script on the rdr box picks up the
> failure.
That's a good point about failover time. The only issue I can see with CARP is that if you have N boxes and one fails, one box gets double load instead of it being distributed across the other N-1 boxes, so if we had several boxes under heavy load we'd still want some monitoring to take the failed master out of the pool. Mind you, this is very hypothetical as our vast budget only stretches to N=2 right now!

I think I'll go ahead with just pf and CARP on the firewalls, and CARP and monit on the web servers, and see how I get along. That should handle server and daemon failures respectively, and allow me to pull each server down for upgrades, without complicating SSL.

Thanks for everyone's help on this - I think I'd still be wading through mud otherwise

Ashley
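One way to lay out the N=2 setup discussed in this thread, written here as an added illustration rather than any configuration posted by the participants: the firewall spreads connections over two CARP addresses with rdr/source-hash (a given client keeps landing on the same web server, so its SSL session is not bounced between back ends), each web server is master of one CARP address and backup of the other (so losing a server hands its address to the survivor, the "double load" case mentioned above), and monit restarts httpd when the daemon dies while the box itself stays up, which CARP alone would not notice. The interface names, addresses, shared secrets and file paths are made-up example values; the syntax assumed is OpenBSD 3.9-era pf.conf(5)/hostname.if(5) and monit's monitrc.

```conf
# --- Firewall: /etc/pf.conf (fragment, example only)
ext_if  = "fxp0"
int_if  = "fxp1"
ext_addr = "203.0.113.1"                   # made-up public address
# The two CARP addresses shared by the web server pair (see below).
web_vips = "{ 192.0.2.100, 192.0.2.101 }"

# Choose a back end from the client's source address: the same client
# always reaches the same web server, so HTTPS sessions stay put.
rdr on $ext_if proto tcp from any to $ext_addr port { 80, 443 } -> $web_vips source-hash

# Filtering sees the translated destination, i.e. the CARP addresses.
pass in  on $ext_if proto tcp from any to $web_vips port { 80, 443 } flags S/SA keep state
pass out on $int_if proto tcp from any to $web_vips port { 80, 443 } keep state
# Let the web servers' CARP advertisements through on the inside.
pass on $int_if proto carp keep state

# --- Web server A: /etc/hostname.carp0
# Master of .100 (advskew 0) and backup of .101 (advskew 100).
inet 192.0.2.100 255.255.255.0 192.0.2.255 vhid 1 pass SharedSecretA advskew 0
# --- Web server A: /etc/hostname.carp1
inet 192.0.2.101 255.255.255.0 192.0.2.255 vhid 2 pass SharedSecretB advskew 100

# --- Web server B: /etc/hostname.carp0 (roles reversed)
inet 192.0.2.100 255.255.255.0 192.0.2.255 vhid 1 pass SharedSecretA advskew 100
# --- Web server B: /etc/hostname.carp1
inet 192.0.2.101 255.255.255.0 192.0.2.255 vhid 2 pass SharedSecretB advskew 0

# --- Each web server: /etc/monitrc (fragment; pidfile path assumed)
set daemon 30
check process httpd with pidfile /var/www/logs/httpd.pid
    start program = "/usr/sbin/apachectl start"
    stop  program = "/usr/sbin/apachectl stop"
    # httpd is up but no longer answering: CARP will not fail over for
    # this, so monit restarts the daemon instead.
    if failed port 80 protocol http then restart
```

Under normal operation source-hash splits clients between the two addresses and each server carries roughly half; when a server goes down its CARP address moves to the other box within a few advertisement intervals, and the rdr rule keeps working unchanged because it only ever pointed at the shared addresses. Taking a server down for an upgrade is then a matter of raising its advskew (or simply shutting it down) and waiting for the address to move. The firewall pair itself also needs pfsync between the two firewalls so that existing states, including the rdr mappings, survive a firewall failover.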