Hi,
haproxy and rinetd simply redirect the TCP traffic.
Both are doing a good job, but haproxy has the ability to forward the
original IP (at least in our FreeBSD setup). Just use TCP mode with very long connection
timeouts.
rinetd has no concept of timeouts. It just accepts incoming connections on a specific
IP/Port and connects to a different IP/Port, forwarding all the data in/out.
The original IP Adress is then hidden from the IDS instance.
Both are very stable and haproxy has a nice HTML management interface which lets
you monitor the connection states.
The easiest setup is rinetd, but does not offer a real ability to monitor the connections
other then netstat commands.
Informix CM in passthrough mode is more complex to configure and can be set up
either in passthrough mode oder in redirect mode.
Passthrough mode is more or less simulating the Informix connector (needs to have
the INFORMIXSERVER value and the actual value of the instance behind CM must be different.).
It can be used for HDR as well, in order to hide the active instance from the clients
(and perform the switchover in case of a failed primary).
This setup works with very old clients, which might be not aware of redirecting responses.
In redirect mode, the CM will receive the initial connection and then redirect the client
to the active server (mostly used when a HDR pair is in place, where the roles are switched
from time to time or CM has the role to actively switch a secondary to primary if connection
to the primary instance is lost for whatever reason).
It can also work with aliases (one alias points to the primary instance always, another
alias points to the secondary for read-only access, with a fallback to primary).
In order to do this, the clients need to be aware of both instances and the CM.
CM is also very stable and as already said, can (should) be set up on a different machine.
We have used the rinetd and haproxy approach temporary in the past for the purpose to move
the IDS instance to a separate network segment, which is not directly accessible for some clients.
(like a DMZ).
With CM, it is a little tricky to "just reboot the primary for a moment" for whatever reason,
without initiating a failover to secondary.
If your instance is standalone, and you just want to prevent changing all the clients setups,
I would probably go with haproxy.
Original Message:
Sent: 2/1/2024 5:26:00 AM
From: Ondřej Žižka
Subject: RE: How to keep IP address and hostname/FQDN during server migration.
Hello Marcus. Thank you for the answer. Would you please describe what is your experience with each of the solutions? Is there any you would not recommend?
------------------------------
Ondřej
------------------------------
Original Message:
Sent: Thu February 01, 2024 03:02 AM
From: Marcus Haarmann
Subject: How to keep IP address and hostname/FQDN during server migration.
Hi,
we have done both solutions.
- Deploy haproxy in tcp mode (high timeouts)
- alternative (easier) rinetd to redirect
- Use Connection Manager in passthrough mode (yes, can be installed separately)
- Connection manager in redirect mode should work as well, but will need direct connectivity from all clients to server
(not sure if this a good idea for your environment, you would need to change the INFORMIXSERVER
and make it available for all clients)
Best,
Original Message:
Sent: 2/1/2024 2:29:00 AM
From: Ondřej Žižka
Subject: How to keep IP address and hostname/FQDN during server migration.
Hello,
I would like to know your opinion. We are migrating a single Informix server (no HA, just one server instance with 2 databases on one operating system/server). The customer asked us to keep the server's IP address and hostname (FQDN) because they are not sure who (users or other services) is using IP and who uses hostname/FQDN to access the database.
They want to keep the IP address of the database server "same forever". This brings me an idea to separate the IP address from the server machine, but because the migration is done once in a blue moon (this one is done after 14 years) it also means, that the change of IP address of the server after data has been moved is not bad idea.
I see here 3 options:
- Migrate data and change the IP address and hostname of the server (should need just update the OS hostname, OS IP and Informix sqlhosts file).
- Deploy proxy between clients and server with static IP (e.g. HA Proxy).
- Use Connection Manager as a proxy on a separate server (is this use case for CM, can CM be installed separately?)
What are your experiences with this kind of migration/architectural change?
Thank you for your opinions and ideas.
------------------------------
Ondrej
------------------------------