[Pacemaker] Routing-Ressources on a 2-Node-Cluster

[Devin Reade]

David Coulson <david at davidcoulson.net> wrote:

> Your configuration seems to have way too many moving parts and since you are making routing changes when the nodes become primary it is difficult to ensure that it will actually work based upon the monitoring you are doing when it is passive.
> 
> Not 100% sure what you're trying to accomplish, but when a config is this complex it's usually not ideal.

I would concur with this observation.

To the OP:

You're trying to achieve two orthogonal types of availability: Server and
network.  Trying to do this on a single cluster is far too complex with
the setup you've described. Assuming you can get it working at all, it
sounds overly fragile.

Assuming that you can't get ahold of your own statics, have your own ASN,
and have the statics routed by more than one ISP, I'd suggest breaking it
out into two pieces:

(1) Deal with the network connectivity by a pair of highly-available 
    firewalls (OpenBSD with carp et al works very well for this).  You
    can listen for connections coming from both ISPs and route them 
    to the Linux HA-cluster (you can configure things so that the return
    packets go out the correct ISP link).  Depending on your situation
    you *may* be able to configure non-return outbound traffic to use
    both ISP links as well.

(2) Build a more normal Linux HA-cluster NAT'd behind those firewalls.
    That way the Linux cluster has only one (redundant) default route
    and it's configuration, which is already complex, doesn't become
    unmanageable.

I have this type of configuration active in a few locations and it
works well.  It also has the advantage that other non-HA resources
on the network also benefit from the redundant firewalls / ISP links.

If you insist on trying to do this with just the Linux-HA cluster,
I don't have any suggestions as to how you should proceed.

Devin