Wednesday, January 19, 2011

Firewall or other solution for automatic fail-over to a second server?

Assume a situation like this:

  • Server 1 - FreeBSD, Apache -- serves all web traffic

  • Server 2 - FreeBSD, Apache -- just sits there idling

Is there an easy way to set things up so that if Server 1 fails, traffic is automatically routed to Server 2 instead?

A quick brain-storm about it makes me think there must be some sort of trivial firewall or hardware appliance I can set up in front of both boxes that would do a:

  • Receive request on port XXX
  • Try to forward request to Server 1
  • If SUCCESS Return response
  • Otherwise try to forward request to Server 2, return response

Additional question: I'm familiar with pfSense... can this be done in pfSense?

  • You can get a Barracuda load balancer or set up load balancing on your firewall.

    : OK, to clarify though - I *do not* want to load-balance here. I want to only have anything hit Server 2 *if Server 1 has failed*. Is your answer still applicable?
    From Rob
  • You have a few options:

    • Establish a "floating" IP address and a mechanism for moving it from one host to another in the event of a failure. This sort of feature is provided by "high availability" solutions such as the Linux HA project and Pacemaker.

      This solution requires no extra hardware.

    • Put a load-balancing proxy in front of the two servers. This is a system that accepts connections from clients and then passes them on to the backend server. Typically, a proxy can be configured to either balance the load between the two or to treat one as a failover target (to be used only if the primary system fails). You have lots of options in this category:

      • Apache includes a load balancer; see the mod_proxy_balancer documentation.
      • Pound is a simple-to-configure and flexible HTTP/HTTPS proxy.
      • Balance is a simple TCP proxy (which means it will work for protocols other than HTTP).

      And there are many, many others. In general, most software that can act as a reverse HTTP proxy (Squid, nginx, Varnish, etc.) can do this sort of active/passive web cluster.

    • The Linux Virtual Server Project provides a kernel-level load balancing solution.

    Something in this list should help you out or at least get you headed in the right direction.

    You asked specifically about pfSense. From the pfSense web site:

    Limitations

    • Equally distributes load between all available servers - unable to unequally distribute load between servers at this time.
    • Only checks if the server responds to pings or TCP port connections. Cannot check if the server is returning valid content.

    So unless the docs are out of date, pfSense will not do what you want.

    From larsks
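
The primary-then-standby order from the question, combined with the health-check limitation quoted from the pfSense site, as an added example that is not part of the original thread or of any project mentioned in it. The function names, the `site-ok` marker and the two loopback servers are constructed for illustration: the primary accepts connections but returns an error page, so a TCP-only check keeps sending traffic to it while a content check fails over to the standby.

```python
# Added example; all function names here are hypothetical.
import http.client
import socket
import threading
from contextlib import closing
from http.server import BaseHTTPRequestHandler, HTTPServer

def tcp_check(host, port, timeout=1.0):
    """Shallow check: does the port accept a TCP connection?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def content_check(host, port, marker=b"site-ok", timeout=1.0):
    """Deep check: HTTP 200 and the expected marker in the body."""
    try:
        with closing(http.client.HTTPConnection(host, port, timeout=timeout)) as conn:
            conn.request("GET", "/")
            resp = conn.getresponse()
            return resp.status == 200 and marker in resp.read()
    except (OSError, http.client.HTTPException):
        return False

def pick_backend(backends, check):
    """First backend passing `check`, or None; list order is primary, then standby."""
    return next((b for b in backends if check(*b)), None)

def start_server(status, body):
    """Constructed loopback backend that always answers GET with `status` and `body`."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            self.send_response(status)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        log_message = lambda self, *args: None  # silence per-request logging
    srv = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def demo():
    primary = start_server(500, b"db connection failed")  # port open, app broken
    standby = start_server(200, b"<html>site-ok</html>")
    backends = [("127.0.0.1", s.server_port) for s in (primary, standby)]
    chosen = pick_backend(backends, tcp_check), pick_backend(backends, content_check)
    for s in (primary, standby):
        s.shutdown()
    return chosen, backends
```
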
  • If you don't want to invest any extra cash in this project, Linux HA would be an excellent fit. It works the best as it doesn't require you to build out extensive and expensive extra infrastructure (like a separate DB cluster).

    Also, speaking of DB - unless your webserver hosts some static data, you need to make sure the two servers stay in sync. Can you describe your setup in a little more detail?

    From Vitaliy
