Hi,

I've set up pf, relayd and carp to work together as a load balancer. I have one carp interface on the public internet on both servers:

    inet 192.168.172.77 255.255.255.240 192.168.172.79 vhid 1 pass foo
    inet alias 192.168.172.74 255.255.255.255

I wish to use IP aliases on the carp interface to send load-balanced traffic through relayd, traffic such as http/https. My goal here is to be able to bind service ports to external IP aliases on the carp interface and proxy the traffic to my internal network.

I have relayd configured to receive https traffic from the aliased IP of the carp interface:

    relay https-proxy {
            listen on 192.168.172.74 port 443 ssl
            protocol https
            forward to <webhosts> port 80 mode loadbalance check http "/" code 200
    }

Now this configuration works like a charm... but not for long. After a while I get timed out to the server. I tried setting up a second carp interface with a different vhid to be sure that there were no conflicts. Even after that I get the same symptom. When I try to tcpdump the incoming traffic I see nothing coming in.

All of this happens after a while, not right away. I have to do sh /etc/netstart on both servers for it to go back to normal, and then a while later it starts to have the same reaction.

Has anyone tried this sort of configuration? If yes, do you have production examples or best practices you can share?

Thank you very much for your kind support.

"Nonviolence means avoiding not only external physical violence but also internal violence of spirit. You not only refuse to shoot a man, but you refuse to hate him".
Rev. Martin Luther King Jr.