The article describes two things:
1. Having a virtual IP which can move around between two physical hosts, such that it is "always available". (It will clearly go away if both hosts crash).
2. Using HAProxy to route incoming requests, from the single virtual IP, to both back-end webservers.
This means in the expected & typical scenario where both hosts are online both webservers will handle half the load. When one host fails the other will handle all traffic.
Traffic goes to all the backend web-servers under this scenario, through a single load-balancer device/server.
If that device goes down the secondary takes over.
While if you have millions of requests/sec this scenario wouldn't be quite enough for you, using haproxy with carp/ucarp/keepalived will get you at least 100k connections or more. If you need millions, then you have other problems to worry about as well :).
* http://www.debian-administration.org/article/678/Virtual_IP_...
We did have some network issues after the new topology went live that we unexpectedly tracked down to the LB pair, for one simple reason: CARP generates a lot of multicast traffic. Depending on how your hosts and network are configured, this can easily get routed out into a fairly large portion of your local network, and use a lot of bandwidth/router capacity with no benefit.
So, if you're setting up a CARP pair/cluster of your own, pay close attention to your multicast setup. Ideally, put the CARP multicast traffic on a dedicated subnet and watch your router and switch stats to make sure you aren't flooding the rest of your network with multicast spam.
This stopped the show for me once when setting up two OpenBSD load balancers in a shared virtual environment. I was told that to enable promiscuous mode on a single port group they would also have to enable it on the physical ESX host adapter for each ESX host since the pair was separated on different physical hosts.
If that is true then I would never enable it. However networking isn't my strong side so I can't verify this.
It's pretty easy to filter that out using iptables as well. I know for keepalived, you're generally only sending out notifications every second or two. Anything higher than that and yeah, you could end up generating some crazy traffic.
Here's a typical tcpdump of an advertisement for the curious: 172.20.1.xx > 224.0.0.18: AH(xxxxx): VRRPv2, Advertisement, vrid 51, prio 104, authtype ah, intvl 1s, length 20, addrs: 172.20.1.xx
An addendum to this guide might be to add in connection tracking across the master/slave nodes. In *BSD this is implemented with pfsync. In linux it would be iptables connection tracking.
More on pfsync: http://www.openbsd.org/faq/pf/carp.html#pfsyncop Linux conntrackd: http://conntrack-tools.netfilter.org/
Edit: Oh, and everyone always forgets about using LVS for load-balancing and failover. There's endless documentation on the web about that, and it's not a proxy service like haproxy (which is both good and bad).
They're both powerful systems with a different way of thinking about the idea of packet filtering and mangling!
