wiredfool

I’ve been using spread and whackamole for IP address failover on Debian Etch, but I’ve noticed that they’re not 100% reliable in my setup, in some cases hanging when I’m trying to query who owns a node, and in others, just not picking up the ip address that’s shared between two machines.

What I’m doing involves an active machine (or vmware instance) and a hot spare running the same code and ready to take over instantly. There’s generally very little state, as these are inbound load balancers or outbound gateways. Where I have lots of state, like database, the failover mechanisims are a little different.

I’m testing out ucarp as a replacement. It has it’s good points — it’s one piece that’s reasonably easy to setup, and bad points that it’s not exactly high profile. The current version (1.5) is a released version of the snapshot (1.5_0802222) in lenny/testing and has some significant bug fixes, so I’ve pulled the source package in from lenny/testing and the distribution from the main distribution site and compiled it on etch for a quick backport. There’s one patch line that failed — the options accepted on the command line, and that appears to have been integrated in the upstream package.

The package from lenny worked reasonably well in testing, but showed some issues in production related to not being able to “Can’t do IP\_ADD\_MEMBERSHIP”, which is necessary to recieve the multicast packets. This was fixed in 1.5 final.

Ucarp is a little different than wackamole. Wackamole just grabs an ip address when it detects that it needs to, Ucarp runs a script when it determines that the ip address needs to be aquired or dropped. This was something that I had wanted with wackamole for poking at daemons and such. The debian port has integrated the control of ucarp into the /etc/network/interfaces file, so straightforward configurations can be done completely in that file.

In /etc/network/interfaces

auto eth0
iface eth0 inet static
        address 192.168.10.91
        netmask 255.255.255.0
        gateway 192.168.10.1

        ucarp-vid 90
        ucarp-vip 192.168.10.90
        ucarp-password foobar
        ucarp-advskew 1
        ucarp-master yes
        
# ucarp controlled.
iface eth0:ucarp inet static
        address 192.168.10.90
        netmask 255.255.255.0
        

The options on ucarp bear explaining:

* vid: 90 an id. ucarp will communicate with any other instance using this id, so this needs to be consistent between the master and the spare
* vip: the address to be managed
* password: A shared password between the instances
* advskew: Lower numbers will win the election of which instance should be the master
* master: if this instance should startup as the master

This approach seems to work well for some tests, the failover time for pinging is 3-4 seconds total. But for apachebench and funkload, it seems that once they get an arp of the machine that’s getting taken over, that one stays resident until the next invocation of the app.