RE: connection sync at failover, email, and using only basic IPmgmt

To: "'LinuxVirtualServer.org users mailing list.'" <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: connection sync at failover, email, and using only basic IPmgmt
From: "Richard Pickett" <Richard.Pickett@xxxxxxxxxxxxxxxxxxx>
Date: Mon, 13 Feb 2006 16:53:44 -0600
> Using keepalived you will need the "lvs_sync_daemon_interface"
> configuration option for a given VRRP instance. If you have the same on
> both your MASTER and BACKUP, the BACKUP will sync state correctly and
> connection states should carry over on failover.

Cool.

> On failback, however, you may need to make use of the preempt_delay
> option to give the machine which will become MASTER time to populate
> its state table.

Cool cool.

> > Second. Email doesn't work with keepalived.
> 
> This sounds like you have set it up in such a way that it's using
> "bogus" sender addresses which fail to verify in the SMTP server's RCPT
> TO: transaction. If you can post both your config and your mail server
> errors we can see what's going on - and note that there's a keepalived
> specific mailing list too; see http://www.keepalived.org/listes.html

Yeah. I've looked on that list. Last email I saw on there was September
of last year, considering that the last update of keepalived was early
'05 I figured it had died off.

Although I didn't run this through my own email servers (where I have
access to the logs) the "to" was to a valid email account on the server
it was sent to. I'll ethereal it and see if I can dig up some more info.
Maybe I'll end up just having it call shell scripts that will send out
mail for me.

> > Third. I believe I can use keepalived to just switch a VIP and GIP
> > between two servers that act as routers (one master, one backup) without
> > needing to run any services behind them. You guys see any problems with
> > going this route?
> 
> No. You can use keepalived just to do VRRP quite happily.

Cool cool cool. One last item on this particular configuration. These
boxes use iptables RELATED,EXISTING commands to forward traffic at the
head of its rules so existing connections don't have their packets run
through all the rules every time. Does the lvs_sync_daemon_interface
populate the iptables connection table, or is it just the vrrp
connection tables?

The scenario I see is an existing connection that matched firewall rules
getting dropped by the backup iptables rules when he switches to master
because his iptables state wasn't aware of the connection. Is that a
correct assessment?

Thanks for your quick and informative help.
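
The two options discussed in this message, placed in a keepalived VRRP instance. This is an added example, not part of the original message or of the keepalived project's own files; the instance name, interface names, router id, priorities and VIP are constructed placeholders.

```conf
# Constructed example: VI_1, eth0/eth1, id 51, priorities and the VIP are placeholders.
vrrp_instance VI_1 {
    state BACKUP                      # preempt_delay only applies when the initial state is BACKUP
    interface eth0                    # interface the VRRP advertisements are sent on
    virtual_router_id 51              # must match on both nodes
    priority 150                      # give the other node a lower value, e.g. 100
    advert_int 1

    # Failback: wait this many seconds before taking MASTER back,
    # so the returning node has time to populate its state table.
    preempt_delay 300

    # Same setting on both nodes: interface used by the LVS sync daemon.
    lvs_sync_daemon_interface eth1

    virtual_ipaddress {
        192.0.2.10/24 dev eth0        # the VIP that moves between the two routers
    }
}
```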



