Re: High Availability question

From: Willy Tarreau <w#1wt.eu>
Date: Thu, 5 Nov 2009 05:52:16 +0100


Hi,

On Wed, Nov 04, 2009 at 05:31:35PM +0000, Matt wrote:
> Thanks for the quick response Mike. Which option is it for passing
> the client's source IP? I haven't looked to configure anything like
> that.
>
> I realised my test harness was on both networks, I've now run the
> tests again with it just on the 10.x network while failing haproxy
> over a couple of times. I'm only getting a handful (out of 100 users)
> socket resets every time I fail it over. Looking at the routing table
> the source IP must be the haproxy servers as I'm unable to see the
> 10.x network from the backend servers. So haproxy is handling the
> whole request.
>
> Make sense?

Yes this makes sense and is a very common setup in fact. You just have to wonder why you want your haproxy to sit between two networks. Maybe you're bypassing a firewall, which is not good security-wise. I think that's why Michael asked you if your haproxy machine was going to be the gateway for the servers, because it could have made sense that this machine was the router/fw between the two LANs.

Also, when building HA clusters, it's a good idea to set /proc/sys/net/ipv4/ip_non_local_bind to 1. It will allow a process from one machine to bind to a service address it doesn't yet own (typically the backup server). At the beginning you don't need this because you use *:80, but quite soon you may support multiple service addresses on the same port and you will need this.

Regards,
Willy

Received on 2009/11/05 05:52
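
The point about service addresses the backup does not yet own, as an added example that is not part of the original message or of haproxy itself: a pre-flight check that lists which `bind` addresses in a configuration would fail to bind on a node, given the addresses it holds and the sysctl value. It reads the setting from `/proc/sys/net/ipv4/ip_nonlocal_bind`, the name under which the kernel exposes it. The sample configuration, the addresses and all function names are constructed for illustration, and it assumes IPv4 `bind` lines with a single port.

```python
SYSCTL = "/proc/sys/net/ipv4/ip_nonlocal_bind"

# Constructed sample config; 192.0.2.x are documentation addresses.
SAMPLE_CFG = """\
frontend www
    bind *:80
frontend shop
    bind 192.0.2.10:80   # service address held by the active node
frontend api
    bind 192.0.2.11:80,192.0.2.12:8080
"""

def bind_addresses(cfg_text):
    """Yield (ip, port) for each IPv4 address on a 'bind' line."""
    for line in cfg_text.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) >= 2 and words[0] == "bind":
            for item in words[1].split(","):
                ip, _, port = item.rpartition(":")
                yield (ip or "*"), int(port)

def needs_nonlocal_bind(cfg_text, owned_ips):
    """Binds to a specific address this node does not currently own."""
    return [(ip, port) for ip, port in bind_addresses(cfg_text)
            if ip not in ("*", "0.0.0.0") and ip not in owned_ips]

def preflight(cfg_text, owned_ips, nonlocal_bind):
    """Binds that would fail (EADDRNOTAVAIL) at startup on this node."""
    return [] if nonlocal_bind else needs_nonlocal_bind(cfg_text, owned_ips)

def read_nonlocal_bind(path=SYSCTL):
    """True/False from the live sysctl, or None if it cannot be read."""
    try:
        with open(path) as f:
            return f.read().strip() == "1"
    except OSError:
        return None

if __name__ == "__main__":
    backup_ips = {"10.0.0.2"}   # constructed: the backup's own address only
    for ip, port in preflight(SAMPLE_CFG, backup_ips, read_nonlocal_bind()):
        print(f"{ip}:{port} not owned and ip_nonlocal_bind != 1: bind will fail")
```

The wildcard `*:80` bind never appears in the result, which matches the remark that the setting is not needed until specific service addresses are configured.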
