Floating/Virtual IP for redundancy and/or load balance

Discussion in 'Tomato Firmware' started by eangulus, Feb 11, 2018.

  1. eangulus

    eangulus Network Guru Member

    Hi,

    We currently run 2 Synology NAS's in duplicate for redundancy. We have been running them under Synology High Availability, but have had issues. Twice in the past 6 months the HA has failed to do its job and now we no longer trust it. Also it was an Active Slave config with no option for an Active Active. To me this seemed a waste of resources.

    I have now set up both NAS's separately but identical, and have managed to get 2 way live sync which so far works quite well.

    The issue now is that if the main unit fails, I will need to change over IP address to bring the slave unit into service.

    So to solve this I was wondering if there was something I could do on my RT-AC3200 running kille tomato firmware.

    So in order of minimum to dream setup:

    Is there a way either via NAT or scripting where I can have a virtual IP address that can be pointed to the real IP address to ease switching the units?

    Or a way to have a virtual/floating IP that will check for the real IP and connect to the live one, making switchover automatic.

    And is there a way it could possibly split load between the units either automatically or hard code up ranges to use each NAS, for example send office traffic to NAS 1 and security camera storage to NAS 2, therefore giving us an Active Active setup?

    PS: I don't know a lot about NAT routing but can work out basic things. I am not afraid to get my hands dirty either with working this out.

    I figured that seeing I can run a VPN and direct particular IP addresses and particular ports over it while bypassing others, my request seems very basic in comparison, so figured it should be possible.

    Sent from my Pixel XL using Tapatalk
     
  2. eibgrad

    eibgrad Network Guru Member

    Biggest problem at the moment is that the router never gets involved in LAN to LAN traffic. For LAN to LAN traffic, you don't even need a router; a switch will suffice.

    One way to get the router involved in LAN to LAN traffic is to trick the clients into believing the target (NAS) lies outside its own IP network, then route it back into the same network using NAT (specifically DNAT), aka NAT loopback.

    IOW, it looks to all your clients that a given resource is remote, and therefore they always access it via their default gateway. And now you have the opportunity to manipulate the traffic at the router. So you could, for example, change the DNAT from one device to another without the client even being aware of it. Now how easy it would be to have the router play the role of "monitor" or "traffic cop" is an open question. Usually these things are done statically, not dynamically.
     
  3. eangulus

    eangulus Network Guru Member

    Thanks for the info there. Great help in my research (not giving up on this).

    I have been researching and I found some stuff regarding floating IP and maybe load balancing using HAProxy or Nginx. Seeing the latter is built in, could I maybe set something up from there? Or maybe need to setup a HAProxy VM...

    Sent from my Pixel XL using Tapatalk
     
  4. eangulus

    eangulus Network Guru Member

    Is it possible for someone to add VRRP to Tomato? VRRP seems to be the feature I need to be able to do this (from what I was told by a guy who does enterprise networks)
     
  5. eibgrad

    eibgrad Network Guru Member

    Normally the avenue for additional features is optware/entware. I checked entware and didn't see it.
     
  6. lancethepants

    lancethepants Network Guru Member

  7. lancethepants

    lancethepants Network Guru Member

  8. eangulus

    eangulus Network Guru Member

    Sorry just saw your messages, and thanks for the compile.

    Just read up on ucarp and it's exactly what I need. My only issue is that it seems to need a client. While that is fine for some things I can use this for, eg. Apache server, for the purpose that started this quest it will be for 2 Synology NAS units. I am unsure if it's possible to even install ucarp on these let alone run the scripts described in the readme.

    Sent from my Pixel XL using Tapatalk
     
  9. Sean B.

    Sean B. LI Guru Member

    Perhaps there's a reason this wouldn't suit your needs, as I didn't thoroughly read every post: Why not put the two NAS's in their own VLAN/subnet? You can then use iptables to redirect traffic to either/or at will. Depending on how exactly the NAS's "fail" ( completely unresponsive in regards to the network, or just the file storage read/write fails etc ) a script for failover between the two shouldn't take much effort. The script would be extremely easy if they stop responding to pings.
     
  10. eangulus

    eangulus Network Guru Member

    IP Tables was what I originally thought I would be doing, but I have yet to find an example I can adapt. I'm not good enough with iptables to write one from scratch but I usually can modify to suit my needs.

    To give more background (in case of another solution):

    We had 2 Synology NAS units that were setup with Synology's built in HA. All writes were copied to the second unit and it had a heartbeat connection between them. They would failover when the master failed.

    Twice now, we did firmware updates following Synology's instructions to the letter, and both times the HA failed. First time wasn't too bad, just had to resynchronize and set up HA. Second time though we ended up with a dead unit and a corrupted system on the other. Needless to say we no longer trust Synology's HA solution.

    So I have been testing out some options. I have managed to make work a 2 way sync between the 2. I write data to either unit and the other instantly gets a copy. This is good as we can have failover without the systems relying on each other. If one fails we just don't have the second copy. Our other issue with Synology's HA is that it is an Active Passive setup. We have the resources of 2 units and the cost, but can only utilise one unit at a time.

    By doing the 2 way sync, at this stage means it is a manual failover. If the primary one fails, then I just have to modify IP address on the second and we're back.

    Ideally though, I would like a floating IP that will auto failover between 2 real IP's. Even better would be a load balance between the IPs. This way we can have an Active Active setup.

    I can get ucarp to work by setting up 2 Linux VMs and mapping each NAS to each and share via samba. Then I can utilise ucarp for failover between them. But that isn't an active active setup and it isn't overly elegant.

    PS: the NAS's are in their own Subnet.
     
  11. Sean B.

    Sean B. LI Guru Member

    If they're in their own subnet/VLAN ( in relation to the clients that access them. IE: Clients are on 192.168.1.X/vlan1/br0 and NAS's are on 192.168.2.X/vlan3/br1 ) then all need be done is write a script to monitor the state of the NAS's and redirect traffic accordingly. When one of your NAS's " fails " .. does it lose network connectivity completely? I need to establish the failure mode in order to implement monitoring correctly in a script.
     
  12. eangulus

    eangulus Network Guru Member

    Not sure of the failure mode. Most important obviously is SAMBA shares. Obviously if network drops we lose samba too. But not sure what to do if network stays (and responds to pings) while samba dies.

    Sent from my Pixel XL using Tapatalk
     
  13. Sean B.

    Sean B. LI Guru Member

    Well, there's 2 methods that come to mind we can use to monitor the samba connectivity specifically. One would be that you install optware-ng/entware so add-on packages can be installed, namely smbclient that we can use via the script to check available shared directories from the NAS's as a confirmation they're still active. Or, use the current CIFS functionality in Tomato to mount a share from each NAS into a directory on the router. The script could then read/write to those directories to confirm they're still active.
     
  14. eangulus

    eangulus Network Guru Member

    Just not sure I can install optware etc to Synology. Can we just check the cifs already running on the Nas for available shares?

    Sent from my Pixel XL using Tapatalk
     
  15. Sean B.

    Sean B. LI Guru Member

    Not installed on the Synology, install on a USB flash/HDD of which you leave plugged into the Tomato router.

    In Tomato, the only CIFS functionality is to mount a remote share to a directory on the router. There's no scanning for available shares from a host on the network etc as there is with Samba. It will add more to the script, and more to deal with on the back end compared to just running optware and using smbclient. However, if you wish not to just install optware ( it's an easy process, and provides access to many software packages you may find useful down the road ) we can deal with CIFS.
     
    Last edited: Feb 20, 2018
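
The approach outlined in posts 9 to 15 (NAS units in their own subnet, the router DNATs a virtual address to whichever unit passes a health check), sketched as an added example; it is not code from any poster in this thread. The addresses, the `NASVIP` chain name, the `nc -z` port test and the anonymous `smbclient` share listing are assumptions, and the layered probes cover the case raised in post 12 where a unit still answers pings while Samba is dead.

```shell
#!/bin/sh
# Router-side failover of a virtual IP between two NAS units using DNAT.
# Constructed layout: clients on 192.168.1.0/24 (br0), NAS units on
# 192.168.2.0/24 (br1), so client traffic to the NAS always crosses the router.
VIP="192.168.2.10"     # address clients connect to; assigned to no host
NAS1="192.168.2.11"
NAS2="192.168.2.12"
SMB_PORT=445
FAILS_NEEDED=3         # consecutive failed checks before switching
INTERVAL=10            # seconds between checks
CHAIN="NASVIP"         # dedicated nat chain holding the single DNAT rule
IPT="${IPT:-iptables}"

# Layer 1: host reachable at all.
probe_icmp() { ping -c 1 -W 2 "$1" >/dev/null 2>&1; }

# Layer 2: something is listening on the SMB port.
# Assumes an nc build with -z (not every busybox build has it).
probe_tcp() { nc -z -w 2 "$1" "$SMB_PORT" >/dev/null 2>&1; }

# Layer 3: the SMB service actually answers a share listing.
# Assumes the NAS permits an anonymous listing; skipped if smbclient
# (from Entware or similar) is not installed on the router.
probe_smb() {
    command -v smbclient >/dev/null 2>&1 || return 0
    smbclient -N -L "$1" >/dev/null 2>&1
}

# Healthy only if every layer passes: a unit that pings but has a dead
# Samba daemon is treated as down.
is_healthy() {
    probe_icmp "$1" || return 1
    probe_tcp "$1" || return 1
    probe_smb "$1" || return 1
    return 0
}

# decide CUR FAILS CUR_OK OTHER OTHER_OK  ->  prints "TARGET FAILS"
# Stay on the current unit while it is healthy (no automatic failback, to
# avoid flapping). Switch only after FAILS_NEEDED consecutive failures and
# only if the other unit is healthy; otherwise keep counting.
decide() {
    if [ "$3" = 1 ]; then
        echo "$1 0"
        return 0
    fi
    n=$(( $2 + 1 ))
    if [ "$n" -ge "$FAILS_NEEDED" ] && [ "$5" = 1 ]; then
        echo "$4 0"
    else
        echo "$1 $n"
    fi
}

# Create the chain, point it at the initial target, hook it into PREROUTING.
setup_chain() {
    $IPT -t nat -N "$CHAIN" 2>/dev/null || true
    $IPT -t nat -F "$CHAIN"
    $IPT -t nat -A "$CHAIN" -d "$VIP" -j DNAT --to-destination "$1"
    $IPT -t nat -D PREROUTING -d "$VIP" -j "$CHAIN" 2>/dev/null || true
    $IPT -t nat -A PREROUTING -d "$VIP" -j "$CHAIN"
}

# Replace rule 1 in place, so there is never a moment with no DNAT rule.
switch_to() {
    $IPT -t nat -R "$CHAIN" 1 -d "$VIP" -j DNAT --to-destination "$1"
}

monitor() {
    cur=$NAS1
    fails=0
    setup_chain "$cur"
    while :; do
        if [ "$cur" = "$NAS1" ]; then other=$NAS2; else other=$NAS1; fi
        if is_healthy "$cur"; then cur_ok=1; else cur_ok=0; fi
        if is_healthy "$other"; then other_ok=1; else other_ok=0; fi
        # Word splitting is intended: decide prints "TARGET FAILS".
        set -- $(decide "$cur" "$fails" "$cur_ok" "$other" "$other_ok")
        if [ "$1" != "$cur" ]; then
            switch_to "$1"
            logger -t nasvip "failover: $cur -> $1"
        fi
        cur=$1
        fails=$2
        sleep "$INTERVAL"
    done
}

# Start the loop only when invoked as: script.sh run
if [ "${1:-}" = "run" ]; then
    monitor
fi
```

Connections already tracked to the failed unit are not moved; clients reconnect to the virtual address and the new connection follows the replaced rule. The router's FORWARD rules must already permit br0 to br1 traffic.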
  16. eangulus

    eangulus Network Guru Member

    Ok I think I understand better. Not sure what way to do it though, never used optware before so completely new to that. Have scripted before (I have a custom VPN script directing traffic from a server only over it).

    I am just looking for the easiest but most reliable and elegant way to go about it, so open to suggestions.

    BTW: Is this ucarp method able to load balance? My perfect setup would be the floating IP and load balance but with the ability to direct certain subnets to a particular Nas. For example I could direct IP cameras to a particular Nas while loadbalancing all other traffic. Something like how the multiwan works where you set a weight etc as well. Also is it possible for a 3rd device in the floating IP setup? I am also thinking about using a floating IP for other devices too like our VM's where I can duplicate the VM to another server and have redundancy there too.

    Sent from my Pixel XL using Tapatalk
     
  17. eangulus

    eangulus Network Guru Member

    I want to try and have a play with ucarp and haproxy. What do you recommend, optware, optware-ng or entware? For reference, I run Tomato-ARM by @kille72 on an RT-AC3200. I also have a USB stick permanently installed (for saving logs and running my VPN scripts from).

    Also are there any decent beginners guides/tutorials on how to set up one of the ...ware systems?
     
  18. eangulus

    eangulus Network Guru Member

    Bump?

    Sent from my Pixel XL using Tapatalk
     
  19. koitsu

    koitsu Network Guru Member

    Optware isn't maintained/is dead and has been so for some time. (Opinion) The maintainers of this project did not really seem to understand how to build/maintain software decently. As a result, there was a lot of very broken stuff.

    I don't know what Optware-ng is / never heard of it.

    Entware is deprecated as of 2015, and is now known as Entware-ng. Entware-ng is actively maintained on both MIPS and ARM. Its maintainers are extremely familiar with cross-compiling, dealing with nuances, and building of software in general (read: it's way more complicated than configure ; make install). One of the key maintainers, Alexander Ryzhov, hangs out here on the forum (but for support you should file GitHub Issues tickets).
     
  20. eangulus

    eangulus Network Guru Member

    Thanks. Will look into Entware-ng then.

    I can't see ucarp or carp on the list in GitHub though.

    Sent from my Pixel XL using Tapatalk
     
  21. koitsu

    koitsu Network Guru Member

    You're right, there isn't (opkg list | grep -i carp turns up nothing). Possibly you overlooked the link at the bottom of the GitHub project page / README.md that includes a link, reading "Feel free to ask for new packages or report any bugs you've found?"

    I don't know which CARP you're referring to, so I'll cover both:

    If you're talking about Common Address Redundancy Protocol (shared IP capability for network failover; sort of similar to VRRP or HSRP), I strongly doubt this can ever be provided by a third-party system. This degree of protocol support involves kernel support. Entware-ng (and Entware, and Optware) is a system providing third-party packages of userland programs. It is extremely unlikely that these would be able to provide enhancements to the kernel or kernel modules; look at how many devices/OSes Entware-ng supports. Every device/OS runs a different version of the Linux kernel. There's really no sane way they could implement that -- Linux kernel ABI and API changes too much, and most of these devices actually run a customised kernel (yes really -- custom and extremely large patches from Broadcom). As such, you should not be looking at TomatoUSB as a solution for this -- you need to start talking to actual network device vendors (read: commercial networking companies) like MikroTik, Ubiquiti, Juniper, and Cisco. I'm not just giving you schmooze, I'm quite serious. TomatoUSB is not what you want. You need a real SoHo or higher-grade router with good network protocol support and focus on exactly that. TomatoUSB is intended for residential/consumer-grade devices and that clientele. (I know for a fact MikroTik has equipment/routers that support VRRP, but CARP has been on people's want list for 8 years). An alternate you might consider is pfSense (FreeBSD-based) which may offer this type of thing; you'll need to talk to the pfSense folks to find out (and no, pfSense does not run on the same devices TomatoUSB does).

    If you're talking about Cache Array Routing Protocol (HTTP load balancing across multiple proxy servers), then that's something that squid supports. There is an Entware-ng package for squid, but I don't know if it includes CARP support -- you can always request that it do so (via a GitHub issues request).
     
  22. eangulus

    eangulus Network Guru Member

    I think you need to read the start of this thread. Ucarp was recommended and even links to ucarp for optware. I just don't know if it can be used under Entware-ng or even if it is the right solution.

    Basically I want 2 devices each with their own IP address on the network to be accessible using a virtual IP address that will route users to whichever device is available.

    That is the minimum, if possible, I would like that if both devices are up, then load balance the virtual IP between the available devices.

    Sent from my Pixel XL using Tapatalk
     
  23. koitsu

    koitsu Network Guru Member

    I did not see lance's posts until now. Sorry.

    If he can build ucarp binaries from scratch for ARM and MIPS, then this is software that could be built and packages provided under Entware-ng. Whether or not it works is a different question (just cuz a binary runs doesn't mean it operates correctly). :)

    So, to get ucarp added to Entware-ng: file a new package request (GitHub issues request) with the Entware-ng folks per the instructions at the bottom of the page -- https://github.com/Entware-ng/Entware-ng -- and reference this thread.
     
  24. eangulus

    eangulus Network Guru Member

    No worries.

    Will put in a request, but seeing you seem to be more knowledgeable than me regarding my problem, could this be a solution, or is there a more elegant way to do what I am asking?

    Basically my current solution to test and try out is running HAProxy and ucarp on the router for both virtual IP and high availability.

    If I can get a solution to my problem it will be for more than just the Nas as in my original issue, I could then also do the same for our webservers, database servers etc.

    Sent from my Pixel XL using Tapatalk
     
  25. koitsu

    koitsu Network Guru Member

    Speaking generally, HA is best done at layer 2 (Ethernet/MAC) or layer 3 (IP) if at all possible. VRRP, HSRP, and CARP work this way. It means all underlying protocols (3 through 7, or 4 through 7, respectively) "just work".

    haproxy -- which I have used in a workplace production environment -- operates at layer 4 (protocol/service-level) and is TCP only. It works OK with basic/simple TCP services (read: HTTP, MySQL (kind of but kind of not), SSH/SFTP (kind of but kind of not)), but not UDP, nor TCP protocols that contain payload that dictates what the client should talk to (some examples would include FTP and IRC DCC).

    haproxy thus becomes a middleman for all network I/O of those services -- which means the system running haproxy becomes a bottleneck for network throughput.

    Another complication with haproxy is the heartbeat concept. haproxy has to know in some fashion if a service behind it is actually working or not. For TCP, issuing a simple TCP SYN and expecting a TCP SYN+ACK back may be enough -- but for some things, it isn't enough. For example, HTTP is TCP-based, but just because a web server answers doesn't mean a GET request will work/respond timely. Another example is MySQL, where the MySQL protocol (layer 7) itself demands that anything connecting to it *actually speak MySQL protocol*; if you initiate a connection to it and then don't speak the protocol, mysqld (server) will eventually block the client (in this case, haproxy) after repeated protocol negotiation failures. SSH/SFTP is another service that works this way. In short, the HA daemon/LB daemon actually has to support all those services natively (at the protocol/payload level) to "truly know" if a service is down or up. You'll find many do not.

    What hasn't been disclosed in the thread is what services clients are actually using on the Synology NAS. These units can support a multitude of access protocols: CIFS/SMB, NFS, FTP, SFTP, AFP, iSCSI, WebDAV, blah blah blah. The list is tremendous: https://www.synology.com/en-us/know...t_network_ports_are_used_by_Synology_services

    You can probably narrow down the services you use on your clients, but understanding the protocols and how they behave is very tedious. CIFS/SMB and NetBIOS in particular are insanely complicated and involve use of broadcast addresses for announcing certain things, and they use UDP too -- haproxy can't be used for any of that.

    One of the things I always do when researching a new solution (daemon, product, ANYTHING) is to read the user manual/documentation. From that I can usually discern the quality, and whether or not said thing will do what I need. Understanding "Everything About Everything" (LOL) is something I'm kind of expected to do as a systems administrator/network engineer with a strong operations background.

    A question: Synology offers their own HA implementation, and you folks had seen it fail on multiple occasions. That definitely sucks. So was this discussed with Synology? You have a support contract with them, right? It seems like if that problem got solved, you'd not be dealing with any of the rest of this. Alternately, consider a different product/vendor? QNAP and iXSystems come to mind (especially iXSystems). You see, I'm not big on these "generic SoHo" NAS products -- they tend to be black-box vendor-lock-in junk, with support people that are for generic end-users, not workplaces, and they often do not disclose how the product works (and if the product fails, good luck getting your data off the disks using a non-vendor product). Enterprise SAN products are a whole other ballgame. They're more expensive, but HA on NetApp filers -- clustered data ONTAP -- certainly works, and your support contract guarantees they will help you fix whatever you encounter.

    I can't really help you past this point, I'm sorry to say. This starts to get into the realm of "hey, you seem to know a bunch of stuff, can I pick your brain so I can solve this at my place of work", which makes me feel very uncomfortable. That said: what's awesome is that you're actually thinking about all of this and trying to solve it (vs. just blowing it off). You know more about your needs and how you got to this point than I do, but my general approach would be:

    1. Put a lot of pressure on Synology to work with you to fix their HA. Solve that and all this becomes moot.
    2. Start doing 2a, 2b, and 2c simultaneously:
    2a. Start looking at other NAS solutions (again: QNAP and iXSystems come to mind). See if they meet your needs. Aren't sure from websites? Talk to sales and support at the companies.
    2b. Start looking at actual SAN solutions, though probably low-cost. Talk to NetApp, see what they have available. There are lots of SAN companies too. They all involve support contracts too, so you know dang well if something doesn't work they're on the hook for fixing it. For "general administration" of SANs, you can always hire third-party companies to do the work (I know a major networking company here in Silicon Valley that does exactly that for their NetApp filers! That's right: their sysadmins don't touch it, they hired a company to manage it for them)
    2c. Start looking at software-based solutions (like ucarp). This is tedious because everyone and their dog seems to advertise "HA load balancing solutions" yet most of them are for specific services (usually HTTP). NAS/SAN is way more complicated than HTTP.
    3. Discuss with management the possibility of doing nothing, i.e. enduring the HA issues when they happen. I know this sounds crazy, but surprisingly this is a common option that is often overlooked. Depends on how often it happens, what the impact is, if it screws up data synchronisation (i.e. results in lost data), all that jazz. Depending on the impact, sometimes doing nothing is the best (and cheapest) choice.

    Anyway, food for thought.
     
  26. eangulus

    eangulus Network Guru Member

    Thanks for all that info. Much appreciated.

    The position we are in with the Synology HA problem, is that:

    1. It's failed twice now. Neither time could Synology tell us why. One reason for that is lack of logs for Synology, but they are requesting that when a problem occurs to let them know and don't touch anything (ie rebuild etc). That would be fine if they can get back to me quickly. I can't be expected to leave a system broken and have down time cause it takes 2 days to hear back from Synology.

    2. The business is in that bad place in terms of size. They are too big to use only Soho stuff and big enough to need the uptime, but too small to have a decent budget. We will get thru this but may be another year or so before we can finally afford some of the bigger and better toys so to speak.

    3. Have had some insight to the last Synology issue which killed a box. It was running an Atom processor and I found out about this C2000 bug. Will be a while before we have 100% confirmation, but everything points at the bug being the issue. If that is the case then HA Failures could have been that and not a Synology issue at all. In that case we are weighing up giving Synology's HA a 3rd and final try.

    4. Above point makes my original problem moot, but I was still looking forward to playing with some HA stuff for running duplicate Apache and MySQL VM's to spread the loads and to minimise downtime.

    PS: We did get the replacement Nas very fast with no hassles. But our location limits replacement times and availability of 3rd party services for support etc. We are located 6 hours drive from the nearest major city. We are only a town of 46k and don't have any of the big guys here in IT.

    So basically if I can't fix something, then it can be days before we can get parts in etc. I know most things can be done online but with slow internet here it can be difficult too.
     
  27. koitsu

    koitsu Network Guru Member

    #1, #2, #3: Totally understood. Been in these situations myself. Lots of teeth-gritting, I know. I'm surprised Synology doesn't offer strict SLAs (NetApp does, for example).

    #4: haproxy should work wonderfully for load-balancing or HA of HTTP (not HTTPS) traffic (re: Apache). Just remember that haproxy becomes the bottleneck for all I/O, because network traffic then flows like: client --> haproxy --> backend server. This may be a problem if you have high throughput needs.

    Hardware load balancers like the Citrix NetScaler can do this very differently through a feature called DSR (Direct Server Return), which allows the load balancer to be taken completely out of the loop after the initial TCP SYN from the client. How it does so involves duplication of a packet and spoofing of some MAC addresses in the Ethernet frame portion of a packet. I've used this at an old job for very network-intensive things. Here's some random blog talking about it: http://www.ingmarverheij.com/citrix-netscaler-dsr-poor-mans-load-balancing-solution/ -- and here's the reference: https://docs.citrix.com/en-us/netsc...nt/load-balancing/load-balancing-dsrmode.html

    Load-balancing or HA of MySQL traffic is a whole other ballgame. The complication is that load balancers tend to not speak the native MySQL protocol thus there's no reliable health check method. A classic TCP SYN check (look for TCP SYN+ACK in response) is not enough -- just because a port is listening doesn't mean a query will function (or function quickly), and that same methodology will cause mysqld to eventually block the load balancer itself (see: aborted_connects in SHOW GLOBAL STATUS).

    Master-master replication alongside using a RR DNS entry with a low TTL (maybe 10 seconds? And never pick a TTL of 1 second! Many devices (including BlueCoat) will behave very wonky if you do this) would be a simple way to deal with it. I've only dealt with master-slave replication, with applications using MySQL that knew which server to speak to (master vs. slave) based on whether they were doing a read or write operation.

    Another possibility for MySQL would be MySQL Cluster, but I haven't used it. Point: I'm a systems administrator, not a DBA (it's the DBA's responsibility to know about this :) ).

    Edit: some other ideas include:

    a) A managed switch (yes, switch!) with load-balancing capabilities. There are switches which do this, including offering a VIP (virtual IP) that "balances" between two ports (two servers). For low-cost switches that might offer this, but are reliable, try HP ProCurve.

    b) Present-day Linux distros (read: probably not TomatoUSB) seem to offer a way to potentially do the VIP-based methodology purely in the OS alongside a heartbeat daemon (to tell what systems are down/up). Here's a blog I found on it (note: "HA Proxy" in this blog does not refer to haproxy (the daemon), but rather something under the Linux-HA Project): http://www.skybert.net/linux/setting-up-a-high-availibility-service-with-vip-and-heartbeat/
     
  28. eangulus

    eangulus Network Guru Member

    I like the Switch idea.

    We currently run 6x 5520-48T-PWR switches in a stack. They have quite a lot of features.

    What are some terms that may be used for HA and or vIP? Trying to see if our current switches can do such a thing. A feature it has is VRRP, seems to maybe be what I am after (just looking at the basic descriptions at the moment).
     
  29. koitsu

    koitsu Network Guru Member

    It varies per vendor and device, sadly. Every company has their own terms for them it seems. See if the documentation covers virtual interfaces.

    I don't think VRRP is what you're going to want, at least not at the switch level. If the Synology NAS units did VRRP, that would work. Maybe giving you an example of how VRRP is used in the real world would be helpful:

    Code:
           Internet
              |
       +------+------+
       |             |
    router01      router02
       |             |
    +--+-------------+---+
    |       LAN          |
    +---------+----------+
              |
       +------+------+
       |      |      |
    +----+ +----+ +----+
    | PC | | PC | | PC |
    +----+ +----+ +----+
    
    router01 LAN IP:  192.168.1.253
    router01 VIP:     192.168.1.1 (MAC 11:22:33:44:55:66)
    router01 VRID:    20, priority 255 (master)
    
    router02 LAN IP:  192.168.1.254
    router02 VIP:     192.168.1.1 (MAC 11:22:33:44:55:66)
    router02 VRID:    20, priority 100 (backup)
    
    Keeping it simple: the idea is that the PCs on the LAN all use a default gateway of 192.168.1.1, thus from their perspective, 192.168.1.1 is always associated with MAC 11:22:33:44:55:66.

    router01 and router02 periodically talk on the LAN (this is done using multicast (layer 3, protocol 112) -- CARP uses the same protocol, IIRC -- all with a destination address of 224.0.0.18) to ensure that each sees the other through advertisement messages.

    Say router01 loses power -- router02 notices this, and takes over master role. LAN clients might notice a brief period of interruption until router02 takes over (depends on configured advertisement period, but 1-2 seconds is common), but no reconfiguration on the clients is needed.

    VRID stands for VRRP ID or "VRRP group ID" and is a unique number from 0 to 255.

    VRRP priorities are in highest-to-lowest order (255 = master, anything lower = backup).

    The reason I mentioned VIPs on switches is that it would ideally be possible to segregate two networking ports (for each Synology NAS) onto its own VLAN, then set up a VIP associated with both those ports/members, and make that VIP accessible from the rest of the LAN. LAN clients would talk to the VIP, the rest should make sense. I know some Cisco switches can do this (or something very similar to it), so I would assume other vendors might too. I can think of a couple complications with this (mainly relating to VLAN IDs and tagged vs. untagged frames -- but another would be how a LAN client could access the Synology devices directly (for administration purposes) (you might need a workstation that understood tagged frames so it could differentiate between "LAN traffic" and traffic on the Synology-specific VLAN)) but I would think it'd work.

    In the meantime, I'd suggest filing a GitHub Issue with the Entware-ng folks requesting a ucarp package. Just remember that the NAS performance is going to be quite bad if all set up and working -- packets going to/from LAN clients/NASes essentially have to go through userspace/userland on the router (read: CPU is involved), and consumer routers **are not** fast.

    Alternately: do you know if the Synology NAS units support VRRP and VIPs? :) Heck, possibly that's what their own HA implementation is using. You can see how in the above model, replacing router01/router02 with nas01/nas02 would effectively accomplish the same thing (minus setting LAN clients' default gateway to the VIP -- don't do that, duh).
     
  30. eangulus

    eangulus Network Guru Member

    The NAS's when setup in ha does use a virtual IP to the ha cluster. They then have a direct Ethernet cable between them for heartbeat. If one fails then the same IP just goes to the other unit.

    Being that the NAS's are Linux based, I wonder what software they use for the IP. I could setup a Linux VM to do the virtual IP stuff and redirect or proxy connections to the VM to either of the NAS's.

    Sent from my Pixel XL using Tapatalk
     
  31. koitsu

    koitsu Network Guru Member

    You could probably figure out what they're using if you were to capture packets running across the dedicated Ethernet between the two NAS units. I wouldn't be surprised if they were using VRRP or CARP themselves, but I also wouldn't be surprised if they were using a proprietary protocol/home-grown black-box solution. Literal 50/50 odds (I've seen it both ways, including in the enterprise world). But it's not your job to reverse-engineer what they're using though, you just simply want it to work reliably; and also, even if you did reverse-engineer it, it's not like you could necessarily fix it or hack around it (i.e. fixing it would have to be done in firmware).
     