Server failover setup
i have a server running behind my firewall, there is a backup-server which mirrors my primary server every few hours by connecting to the primary server, tar'ing all relevant files/directories, copying that tar to the backup server, it then extracts those files in the appropriate places. the usefulness of this is that in the event of a failure in my primary server, all i have to do is point pfsense port forwarding at the backup server instead and no one can tell the difference excepts a little reduced performance.
i know its able to be done, im just not sure how to go about it in pfsense, i dont even really know what the proper terminology is making it hard to search for. i have been looking into CARP but i dont really know much about it. what i am trying to accomplish is automatic failover to the backup server in the case that the primary server fails to respond or is not online.
could someone be so kind as to point me in the right direction.
EDIT: i think it should be said that i am not looking for load balancing between the two servers, my primary server is multiple times more powerful then my backup, and since much of the services running on my server are either data-base oriented or are services which can not be balanced so i am looking only for failover redundancy in case of failure
Buy the book…;)
Or Search for CARP in here......
Buy the book…;)
I really hope this isn't going to become a default response here. I think if someone is going to respond with "buy the book" they should just avoid posting altogether.
To actually answer the question, what you want is Incoming Load Balancing, if I understand you correctly.
thank you for your reply, will incoming load balancing allow me to use one server only in the instance of failure to communicate with the primary web server? i dont want incoming connections to reach the secondary server at all if the primary one is online. it would be havoc for my databases if sometimes people got routed to one and sometimes to another.
never the less thanks for the info i will read and attempt what you have posted
after reading and going through the walkthrough this does indeed seem to be what i want, however one problem in setting up the virtual server, i do not have a static IP address, i use a dynamic dns service to ensure i am always able to connect to my servers.
the note says
NOTE: This is normally the WAN IP address that you would like the server to listen on.
i can not enter a WAN ip address as it is not static and might change. how should i procede??
i followed the instructions as best i could and it seems to work, it was a little confusing because when you enter ip's into the pool it seems to prioritize from the bottom up, so you add your servers to the pool in the reverse order as you want them accessed? to test this i simply put a page on each server that said primary or secondary, at first it always said secondary.. but after reversing the order they are added to the pool it always says primary. if i unplug my network cable from primary and refresh then it says secondary, plug it back in… back to primary.
aslong as this is the actual pattern that it will ALWAYS follow (no random going to secondary when primary is still available) then this is exactly what i am looking for. i am, however, still in need of putting something better in the WAN ip address, to test it i simply put my current WAN IP, if that IP changes i suspect that it will stop working, which is undesirable .
initially i thought that it was working/what i wanted to do. testing it on an isolated setup consisting simply of 3 old computers 1 running pfsense the other 2 simple webservers it seemed to do what i want. i test all changes i am going to make on this setup as to avoid downtime to mis-configurations on my actual network.
the second i made the changes to my actual firewall it did not work as i thought it did. it seems that it was load balancing between my primary and backup even through it was set to "failover" as long as the traffic is low it does primary and only secondary if primary is unavailable, but when put into actual use where my real servers are receiving many http requests per second it seemed that the backup server was getting about half the requests.
this causes many problems because the sites i run are heavily database driven, any database changes made on my primary server are not carried over to my backup server for several hours, also if my backup server processes a log-in then next page refresh you get my primary server, your login is not recognized on that server.
what i really need is for my backup server to ONLY process requests in the event that my primary server is completely 100% offline. the backup server is only there to prevent my sites from being completely down during the (hopefully)short time it will take to fix a problem with my primary server in the event of a catastrophic failure (like power supply fails, or network card fails etc).
i would just like to do this for the peace of mind in knowing that if my server goes down the backup will be able to automatically pick up instead of just having all my sites unreachable completely.
You just need to cluster the servers and make the PFSense redundant via CARP….. That will solve your problem.
Kage, it actually is a little confusing in that failover only applies to outbound load balancing (multi-WAN). While it is true that inbound load balancing is round-robin only, you can "fake" a failover when you're only using two servers. Simply add the primary server only to the pool, and then when you create the "server" put the secondary server into the "Pool down server" field.