PF DSR Loadbalancing + CARP

Hi all, I am currently working on a load balancer project for DNS. For now the Direct Server Return is working well. But I really want to try to make this an HA cluster setup. For now the setup is as below:

Code:
                          Client
                              |
                              |
                     LB<------|
                              |
                              |
                DNS1<---------|-----------> DNS2

LB config
EM0: 10.10.10.1
EM1: 192.168.0.1
CARP:172.16.0.1 (MASTER)

DNS1 config
EM0: 10.10.10.2
EM1: 192.168.0.2
CARP:172.16.0.1 (BACKUP)

DNS2 config
EM0: 10.10.10.3
EM1: 192.168.0.3
CARP:172.16.0.1 (BACKUP)

Note: all EM1 ports for each server are connected to a private network switch.
My PF configs are as below:

Code:
#server1="192.168.0.1"
server2="192.168.0.2"
server3="192.168.0.3"

pass in quick on em0 route-to { (em1 $server2), (em1 $server3) } round-robin \
proto { udp, tcp } from any to 172.16.0.1 port 53 keep state

pass in all
pass out all keep state

This config works, but I want to try to make all the servers an LB/DNS HA cluster.
For now I tried to add server1 (the LB itself) into the route-to rules, but once I reload and try making a query to (VIP 172.16.0.1), it works for all outside servers, but once it reaches itself it's like there is a loop and the server itself just crashes. I have to hard reset the server.
Do I have to do something about the rule so that the current LB server can also work as a DNS server? I am quite a noob in this area.

And thanks for all the help.
 
If you want to balance traffic via pf, you need to specify the "round-robin" option: http://www.openbsd.org/faq/pf/pools.html

You should also investigate why the server crashes when it receives DNS queries.

Also, you might consider load-balancing via DNS as well, see if it fits your needs.

PS: no need for "pass in" since this is the default behavior if no "block" rule is specified.
 
Thanks for your reply da1,

I have already added the round-robin option in my rules, and I also did a check on pflog(4) once I had rebooted the server from the crash. I could not find anything to help me solve the problem.

Load balancing via DNS is already handled for authoritative DNS, but for recursive, sometimes clients only focus on the first given name server, so only my first DNS server will handle the load, while the second one will not answer anything till the first server dies. It's like active-passive.

P.S. I will take note of the pass-in recommendation. :)
 