Solved How To Install UCarp on FreeBSD13?

fr33bsd

fr33bsd

Greetings,

I have just tried to install ucarp on a FreeBSD13 test machine using DVD1:

mkdir -p /dist
mount -t cd9660 /dev/cd0 /dist
setenv REPOS_DIR /dist/packages/repos
pkg bootstrap
pkg update -f


Everything is fine until here, but then

pkg install ucarp
and
pkg install net/ucarp

said: "sorry, no ucarp package found" :'‑(

Other packages can be installed.

I did some research. I found that ucarp is for linux regarding this.

Now, I am confused. I thought ucarp is for FreeBSD. Regarding https://en.wikipedia.org/wiki/Ucarp I see it is not. ;) I am trying to install HAST.
 
If the original master server becomes available again, hostc.example.org will not release the virtual IP address back to it automatically. For this to happen, preemption has to be enabled. The feature is disabled by default, it is controlled via the sysctl(8) variable net.inet.carp.preempt. The administrator can force the backup server to return the IP address to the master
Click to expand...
Preemption has to be enabled on both machines, right, - or backup only?
 
I personally don't like to enable it. I much rather have the control myself. The risk of enabling preemption is that you can get into a "ping-pong" situation where the MASTER role keeps bouncing back and forth between the two hosts.
 
SirDice said:
I personally don't like to enable it. I much rather have the control myself. The risk of enabling preemption is that you can get into a "ping-pong" situation where the MASTER role keeps bouncing back and forth between the two hosts.
Click to expand...
Well, you can enable it ondemand with sysctl, switch back and disable it again with sysctl.
 
fr33bsd said:
Well, you can enable it ondemand with sysctl, switch back and disable it again with sysctl.
Click to expand...
What's the point if you can just as easily switch roles on the command line?

ifconfig em0 vhid 1 state MASTER or ifconfig em0 vhid 1 state BACKUP

We're using carp(4) to switch between two HAProxy hosts. CARP is just there in case of emergency, if the MASTER server dies (for whatever reason) the role is automatically taken over by the backup. You don't need preemption for that. The preemption just causes it to switch back. And I prefer to do this by hand after I verified the server is in working order. I also use it to switch a server to the BACKUP state so I can take it offline for updates.
 
Agreed. Anyways ... carp does not work :what: I followed the instructions in the handbook and read carefully.

I can login on each of the two nodes and I can also see the carp config when I use ifconfig to get network information displayed.

On both machines I can see the shared IP, but I cannot ping it. I can ping A->B and B->A and C->A and C->B, but C->S (S is shared) and B->S and A->S do not work.

Code: 
hostname="hosta.example.org"
ifconfig_em0="inet 192.168.1.3 netmask 255.255.255.0"
ifconfig_em0_alias0="inet vhid 1 pass testpass alias 192.168.1.100/32"
Code: 
hostname="hostb.example.org"
ifconfig_em0="inet 192.168.1.4 netmask 255.255.255.0"
ifconfig_em0_alias0="inet vhid 1 advskew 100 pass testpass alias 192.168.1.100/32"
carp module is loaded, preemption is on on both nodes.:-/ Both nodes have been rebooted. I did even disable preemption on both.

BTW: S is 192.168.1.100.
 
Are they virtual machines? If it's on VMWare or VirtualBox you need to enable the interfaces in the VM's configuration to allow promiscuous mode.
 
Both nodes are virtual, running in vmware workstation. Could this be the source of the trouble?

You were faster, SirDice. 😁

Yes - promiscuous mode. I added
Code: 
ethernet0.noPromisc = "FALSE"
to both vmx files (vmware workstation) and it failed again, but I guess I know why:

I am running the test on linux machine with vmware workstation, so
sudo chown <user>.<group> /dev/vmnet1
fixed the problem.

Thank you for help, SirDice. 👊😎👍

Post note: I tried to ssh to node 1 via shared ip. Worked. After shutdown of node 1 I directly tried to connect to shared IP and I should be connected to node 2. Well, I tried 5 times to ssh to node 2 within approx. 3 seconds without success. The sixth try worked: I got connected to node2 via shared ip.

I started a ping benchmark on this and the fail-over worked within 4 ping approaches, 3 ping packages lost, - that should be around 4 seconds.

Is there any way to tune the fail-over speed?
 
Additional
parameters can also be set on a per-vhid basis: advbase and advskew,
which are used to control how frequently the host sends advertisements
when it is the master for a virtual host, and pass which is used to au-
thenticate carp advertisements. The advbase parameter stands for
"advertisement base". It is measured in seconds and specifies the base
of the advertisement interval. The advskew parameter stands for
"advertisement skew". It is measured in 1/256 of seconds. It is added
to the base advertisement interval to make one host advertise a bit
slower that the other does. Both advbase and advskew are put inside CARP
advertisements. These values can be configured using ifconfig(8), or
through the SIOCSVH ioctl(2).
Click to expand...
Well, I tried
Code: 
advskew 25
on node 2. Theoretically it should reduce the fail-over time a little, but it did't.
I guess when you set the value too low, node 2 will flood node 1. So, in the end: approx 3 seconds fail-over mechanism should be enough for 2 vms.

Maybe you can get better results on bare metal setup using infiniband ... 😁 :-/
 
SirDice said:
Are they virtual machines? If it's on VMWare or VirtualBox you need to enable the interfaces in the VM's configuration to allow promiscuous mode.
Click to expand...
net/ucarp
Because UCARP does not require "promiscuous mode" on interfaces, it may be a suitable option in environments where carp(4) may be difficult to deploy, such as in clouds or other virtualized infrastructures.
Click to expand...
 
You must log in or register to reply here.
Back
Top