Home

OpenBSD loadbalancing and failover with relayd, pf and carp.

Wow, OpenBSD is such a good network operating system! Besides the great firewall pf(4), the excellent virtual network interface carp(4), there is a tool (ships with OpenBSD) called relayd(8). The last tool makes loadbalancing available for OpenBSD.

First setup a carp device as described on both OpenBSD machines.

Now uncomment these two rules in /etc/pf.conf:

rdr-anchor "relayd/*"
anchor "relayd/*"

And add these rules to enable full TCP state takeover. This means any OpenBSD machine may go down/reboot/fail while all existing connections will be taken over by the other. I have tried listening to a stream of music through this setup, it works like a charm!

pcn0 is the interface connected to your network, pcn1 is the interface that has a cross cable to the other openbsd machine. (pcn1 exists solely for pfsync, I consider the cross cable very reliable.)

pass quick on { pcn1 } proto pfsync keep state (no-sync)
pass on { pcn0 pcn1 } proto carp keep state

And edit /etc/relayd.conf to look something like this on both hosts.

ext_addr="192.168.1.123"
webhost1="192.168.1.2"
webhost2="192.168.1.3"

table <webhosts> { $webhost1 $webhost2 }
relay www {
  listen on $ext_addr port http
  forward to <webhosts> port http mode loadbalance check http "/" code 200
}

Add this line to /etc/rc.conf.local on both machines for starting relayd at boot time.

relayd_flags=""

Reload pf and start relayd on both machines:

# pfctl -F all -f /etc/pf.conf
# relayd

You now have a highly available, failover loadbalancer!

Comments

Fri, 11/27/2009 - 15:27 — tsakf (not verified)

Liked the article, very

Liked the article, very informative. Added it to my library:
http://fosslib.tsakf.net/record/301