3

We have some PHP-FPM servers and when they need a database connection, they connect to an HAProxy server which selects them a database server to use and the connection opens. When we then want to perform some maintenance on the HAProxy servers (such as config changes requiring an HAProxy restart), the process is as follows:

  1. Shutdown Keepalived on the HAProxy server
  2. Wait for the floating IP to transfer to the backup HAProxy server (also running Keepalived)
  3. Wait until HAProxy stats is reporting just one connection (us checking how many connections there are)
  4. Restart HAProxy
  5. Restart Keepalived

As step 2 occurs, what will happen to the open mysql connections at that point? According to this TCP Sessions and IP Changes question the connections will be dropped. Is this really the case? If so, what, if anything, can be done to prevent this happening? Can the connection be in some way forced to use the main (non-floating) IP of the server?

We also have a similar setup with two Nginx servers with Keepalived running on them and we were planning on doing the equivalent process. If we do, the same question applies - what happens to the existing http connections when the IP moves to the other server?

I appreciate your help.

Community
  • 1
Luke Cousins
  • 417

2 Answers2

5

They disconnect. TCP has no protocol part for changing the IP address so the clients will not know that it has changed magically. A new connection will have to be established.

TomTom
  • 52,109
  • 7
  • 59
  • 142
1

The IP addresses to use for the TCP connection are chosen by the client when the connection is established. The choice can be made either by the application layer by binding the socket to a specific IP before connecting, or by the kernel if the application layer did not make a choice.

The choice made by the kernel can be controlled in a few different ways. A host which has both a static IP address and a floating IP address should be configured to use the static IP address for outgoing connections. If you want to use an IP only for incoming connections and not for outgoing connections, you can assign it to a dummy interface.

By default the IP address chosen by the kernel is the one assigned to the interface through which the TCP SYN packet is sent. If you are using IPv6 you have more fine grained control, here are a few examples of commands that could be used on Linux:

/sbin/ip -6 addr change 2001:db8::234 dev eth0 preferred_lft 1
/sbin/ip -6 addr change 2001:db8::1 dev eth0 preferred_lft 0

The above pair of commands would use 2001:db8::234 for SYN packets send through eth0.

kasperd
  • 31,086