Running several VIPs on the same interface with ucarp and haproxy

In: Linux

2 Apr 2010

We have re-written parts of the default configuration for ucarp & haproxy to run several VIPs on the same interface. This works on debian, however some minor modifications maybe needed for other distributions.

Ucarp implementation

/etc/network/if-up.d/ucarp

#!/bin/sh

UCARP=/usr/sbin/ucarp
EXTRA_PARAMS=""

if [ ! -x $UCARP ]; then
	exit 0
fi

if [ -z "$IF_UCARP_UPSCRIPT" ]; then
	IF_UCARP_UPSCRIPT=/usr/share/ucarp/vip-up
fi

if [ -z "$IF_UCARP_DOWNSCRIPT" ]; then
	IF_UCARP_DOWNSCRIPT=/usr/share/ucarp/vip-down
fi

if [ -n "$IF_UCARP_MASTER" ]; then
	if ! expr "$IF_UCARP_MASTER" : "no|off|false|0" > /dev/null; then
		EXTRA_PARAMS="-P"
	fi
fi

if [ -n "$IF_UCARP_ADVSKEW" ]; then
	EXTRA_PARAMS="$EXTRA_PARAMS -k $IF_UCARP_ADVSKEW"
fi

if [ -n "$IF_UCARP_ADVBASE" ]; then
	EXTRA_PARAMS="$EXTRA_PARAMS -b $IF_UCARP_ADVBASE"
fi

# Allow logging to custom facility
if [ -n "$IF_UCARP_FACILITY" ] ; then
        EXTRA_PARAMS="$EXTRA_PARAMS -f $IF_UCARP_FACILITY"
fi

# Modified to use start / stop /daemon
if [ -n "$IF_UCARP_VID" -a -n "$IF_UCARP_VIP" -a
		-n "$IF_UCARP_PASSWORD" ]; then
	start-stop-daemon -b -m -S -p "/var/run/ucarp.$IF_UCARP_VIP.pid" -x $UCARP -- -i $IFACE -s $IF_ADDRESS -z
		-v $IF_UCARP_VID -p $IF_UCARP_PASSWORD -a $IF_UCARP_VIP
		-u $IF_UCARP_UPSCRIPT -d $IF_UCARP_DOWNSCRIPT
 		$EXTRA_PARAMS
fi

/etc/network/if-down.d/ucarp

#!/bin/sh

UCARP=/usr/sbin/ucarp
EXTRA_PARAMS=""

if [ ! -x $UCARP ]; then
	exit 0
fi

if [ -z "$IF_UCARP_UPSCRIPT" ]; then
	IF_UCARP_UPSCRIPT=/usr/share/ucarp/vip-up
fi

if [ -z "$IF_UCARP_DOWNSCRIPT" ]; then
	IF_UCARP_DOWNSCRIPT=/usr/share/ucarp/vip-down
fi

if [ -n "$IF_UCARP_MASTER" ]; then
	if ! expr "$IF_UCARP_MASTER" : "no|off|false|0" > /dev/null; then
		EXTRA_PARAMS="-P"
	fi
fi

if [ -n "$IF_UCARP_ADVSKEW" ]; then
	EXTRA_PARAMS="$EXTRA_PARAMS -k $IF_UCARP_ADVSKEW"
fi

if [ -n "$IF_UCARP_ADVBASE" ]; then
	EXTRA_PARAMS="$EXTRA_PARAMS -b $IF_UCARP_ADVBASE"
fi

# Allow logging to custom facility
if [ -n "$IF_UCARP_FACILITY" ] ; then
        EXTRA_PARAMS="$EXTRA_PARAMS -f $IF_UCARP_FACILITY"
fi

# Modified to use start / stop /daemon
if [ -n "$IF_UCARP_VID" -a -n "$IF_UCARP_VIP" -a
		-n "$IF_UCARP_PASSWORD" ]; then
	start-stop-daemon -K -p "/var/run/ucarp.$IF_UCARP_VIP.pid" -x $UCARP -- -i $IFACE -s $IF_ADDRESS -z
		-v $IF_UCARP_VID -p $IF_UCARP_PASSWORD -a $IF_UCARP_VIP
		-u $IF_UCARP_UPSCRIPT -d $IF_UCARP_DOWNSCRIPT
 		$EXTRA_PARAMS
fi

Interfaces

/etc/network/interfaces

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
        address   100.100.100.14
        netmask   255.255.255.192
        broadcast 100.100.100.63
        gateway   100.100.100.1
	up /bin/ip address add 100.100.100.32/32 dev eth0 scope host
	up /sbin/arptables -I OUTPUT -s 100.100.100.32 -j DROP
	down /bin/ip address del 100.100.100.32/32 dev eth0 scope host
	down /sbin/arptables -F
        up /sbin/ifup eth0:1
        down /sbin/ifdown eth0:1
        up /sbin/ifup eth0:2
        down /sbin/ifdown eth0:2
        up /sbin/ifup eth0:3
        down /sbin/ifdown eth0:3
auto eth0:1
iface eth0:1 inet static
        address   100.100.100.26
        netmask   255.255.255.192
        broadcast 100.100.100.63
        ucarp-vid 6
        ucarp-vip 100.100.100.34
        ucarp-password password
        ucarp-advskew 14
        ucarp-advbase 1
        ucarp-facility local1
        ucarp-master no
        ucarp-upscript /etc/network/local/vip-up-mywebsite1.com
        ucarp-downscript /etc/network/local/vip-down-mywebsite1.com
iface eth0:1:ucarp inet static
        address 100.100.100.34
        netmask 255.255.255.192
auto eth0:2
iface eth0:2 inet static
        address   100.100.100.40
        netmask   255.255.255.192
        broadcast 100.100.100.63
        ucarp-vid 9
        ucarp-vip 100.100.100.36
        ucarp-password password
        ucarp-advskew 14
        ucarp-advbase 1
        ucarp-facility local1
        ucarp-master no
        ucarp-upscript /etc/network/local/vip-up-mywebsite2.com
        ucarp-downscript /etc/network/local/vip-down-mywebsite2.com
iface eth0:2:ucarp inet static
        address 100.100.100.36
        netmask 255.255.255.192
auto eth0:3
iface eth0:3 inet static
        address   100.100.100.44
        netmask   255.255.255.192
        broadcast 100.100.100.63
        ucarp-vid 12
        ucarp-vip 100.100.100.31
        ucarp-password password
        ucarp-advskew 100
        ucarp-advbase 1
        ucarp-facility local1
        ucarp-master no
        ucarp-upscript /etc/network/local/vip-up-mywebsite3.com
        ucarp-downscript /etc/network/local/vip-down-mywebsite3.com
iface eth0:3:ucarp inet static
        address 100.100.100.31
        netmask 255.255.255.192

HA Proxy Configuration

This needs to be stored for each VIP in the listed interfaces above

/etc/network/local/vip-up-mywebsite1.com

#!/bin/sh

/sbin/ifup $1:ucarp
start-stop-daemon -S -p  /var/run/haproxy.mywebsite1.com.pid -x /usr/sbin/haproxy  -- -f /etc/haproxy/haproxy.mywebsite1.com.cfg  -D  -p /var/run/haproxy.mywebsite1.com.pid

/etc/network/local/vip-down-mywebsite1.com

#!/bin/bash

start-stop-daemon -K -p  /var/run/haproxy.mywebsite1.com.pid -x /usr/sbin/haproxy  -- -f /etc/haproxy/haproxy.mywebsite1.com.cfg  -D  -p /var/run/haproxy.mywebsite1.com.pid
/sbin/ifdown $1:ucarp

/etc/haproxy/haproxy.mywebsite1.com.cfg

# this config needs haproxy-1.1.28 or haproxy-1.2.1

global
        log /dev/log    local1
        #log loghost    local0 info
        maxconn 4096
        #chroot /usr/share/haproxy
        user haproxy
        group haproxy
        daemon
        #debug
        #quiet

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        retries 3
        option redispatch
        # option  httpclose
        maxconn 2000
        contimeout      50000
        clitimeout      50000
        srvtimeout      120000
        # option      httpclose
        option  forwardfor

listen myweb1 100.100.100.31:80
        mode http
        balance roundrobin
        stats enable
        stats realm HaProxy Statistics
        stats auth stats:password
        stats scope .
        stats uri /haproxy?stats
        server web1 100.100.100.44:80 check inter 2000 fall 3
        server web2 100.100.100.45:80 check inter 2000 fall 3
        server web3 100.100.100.46:80 check inter 2000 fall 3

Disable the startup of haproxy and ifup the interfaces.

sed -i 's/ENABLED=1/ENABLED=0/g'
/etc/init.d/haproxy stop

Comment Form

About this blog

I have been a developer for roughly 10 years and have worked with an extensive range of technologies. Whilst working for relatively small companies, I have worked with all aspects of the development life cycle, which has given me a broad and in-depth experience.