Hi everyone. I found some discussions about this issue, but have failed to find anything that resolves it.
We have 5 web nodes and are using hoststated with pf to load balance inbound web traffic between the servers. We are currently using sticky-address to make sure that a person who starts a session on a webserver stays on that server. However, the problem comes when one of the nodes dies. If a webserver that I was stickied to dies, then I continue to get sent to the down server while new people get correctly sent to the other servers. Turns out I stay at the down one until pf kills my state. The only way to send my stickied self over to an up server is to run a pfctl -K command on my connecting IP.

Shouldn't hoststated handle this automatically? It seems trivial for hoststated to kill all old states that are stickied to a down node, given that we can do it with pfctl. Do I have a wrong idea about how sticky-address should work? I thought that using it with hoststated would guarantee that all traffic, with states or new, would be rdr'd to an up server.

Below is my /etc/hoststated.conf file:

# $OpenBSD: hoststated.conf,v 1.6 2007/02/26 20:43:32 reyk Exp $
#
# Macros
#
#ext_addr="192.168.1.1"
#webhost1="10.0.0.1"
#webhost2="10.0.0.2"
web1="192.168.2.20"
web2="192.168.2.21"
web3="192.168.2.22"
web4="192.168.2.23"
web5="192.168.2.24"
sta1="192.168.2.100"
sta2="192.168.2.101"

#
# Global Options
#
interval 5
timeout 4000
# prefork 5

#
# Each table will be mapped to a pf table.
#
##########################
table web_cluster {
	real port http
	check http "/check/index.php" code 200
	host $web1
	host $web2
	host $web3
	host $web4
	host $web5
}

table sta_cluster {
	real port http
	check http "/check/index.php" code 200
	host $sta1
	host $sta2
}
##########################table fallback {
#	real port http
#	check icmp
#	host 127.0.0.1
#}

#
# Services will be mapped to a rdr rule.
#
##########################
service web_www {
	virtual host XXX.XXX.XXX.130 port http interface em0
	virtual host XXX.XXX.XXX.210 port http interface em0
	virtual host XXX.XXX.XXX.211 port http interface em0
	virtual host XXX.XXX.XXX.212 port http interface em0
	virtual host XXX.XXX.XXX.213 port http interface em0
	virtual host XXX.XXX.XXX.214 port http interface em0
	virtual host XXX.XXX.XXX.150 port http interface em0

	# tag every packet that goes thru the rdr rule with HOSTSTATED
	tag HOSTSTATED
	#sticky-address
	table web_cluster
	#backup table fallback
}

service sta_www {
	virtual host XXX.XXX.XXX.179 port http interface em0

	# tag every packet that goes thru the rdr rule with HOSTSTATED
	tag HOSTSTATED
	#sticky-address
	table sta_cluster
	#backup table fallback
}
##########################

#
# Relays and protocols are used for Layer 7 loadbalancing
#
protocol httpssl {
	protocol http
	header append "$REMOTE_ADDR" to "X-Forwarded-For"
	header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By"
	header change "HTTPS" to "on"
	header change "Connection" to "close"
	header change "Keep-Alive" to "$TIMEOUT"

	# Various TCP performance options
	tcp { nodelay, sack, socket buffer 65536, backlog 128 }
	#tcp { nodelay, socket buffer 65536 }

	#ssl { no sslv2, sslv3, tlsv1, ciphers HIGH }
	#ssl session cache disable
}

relay acc_www_secure {
	# Run as a SSL accelerator
	listen on accounts.logicads.com port 443 ssl
	protocol httpssl
	timeout 99999

	# Forward to hosts in the webhosts table using a src/dst hash
	table web_cluster loadbalance
}

relay trk_www_secure {
	# Run as a SSL accelerator
	listen on trk.logicads.com port 443 ssl
	protocol httpssl
	timeout 99999

	# Forward to hosts in the webhosts table using a src/dst hash
	table web_cluster loadbalance
}