AIX

  • 1.  HACMP and source IP address

    Posted Sun April 29, 2007 11:59 AM

    Originally posted by: SystemAdmin


    Hi,
    My 2-node cluster is running HACMP v5.4.
    I configured 1 persistent and 1 service address per node.
    When clients (users) send requests to the active node using its service address, the client receives the response with no problem.
    When the communication is initiated by the node to other servers behind a firewall, no communication is established.
    My interpretation is that when the node initiates communication, it uses the persistent address instead of the service one. On the firewall, only the service IP address is allowed, so the traffic with the persistent address is blocked.

    So, how can I force any traffic initiated from the server to use the service IP address?

    #AIX-Forum


  • 2.  Re: HACMP and source IP address

    Posted Thu May 31, 2007 03:06 PM

    Originally posted by: bodily


    This is actually a very common issue. Though not HACMP specific, it is far more likely to be seen in an HACMP environment, especially when the connection is a wildcard request (like ftp or telnet). Here's the gist of the problem.
    When you have a persistent IP on the same subnet as the service(s) (which is common practice), the default route gets assigned to the interface first addressed on that subnet (i.e. normally the persistent). Hence any connection request from that server on that given subnet comes out of that interface and that IP address. This is fundamental AIX TCP/IP.

    There are a handful of ways to deal with this, none of which I know of to be blatantly easy.

    Some people would say (assuming the connection request is via ftp or telnet) to use more current tools that provide this functionality and offer the ability to specify a particular IP address, like ssh -b or scp -o. Many times it is applications doing this, and incorporating such a change is not easily done.

    HACMP attempted to help these situations by specifying service alias distribution policies, one being that it would make sure all service aliases would be on the same interface as the persistent. Well, that only helped a little, depending on how the firewall was configured (my understanding was via specific interfaces and subnet, not so much specific address). So that isn't a cure-all either.

    The other options I know of would be to put the persistent on a separate subnet (which according to some recent customer engagements sounds more doable than was historically the case). Or, you manually script/manipulate the addresses at HACMP startup, meaning remove the persistent IP before acquiring the service address, let HACMP put on the service, then put the persistent back on.

    That's about all that comes to mind. So hopefully this helps.
    #AIX-Forum


  • 3.  Re: HACMP and source IP address

    Posted Sun June 03, 2007 04:07 PM

    Originally posted by: grukrz1


    I had the same issues - it was quite easy to switch the route to have the desired source address (in my case it was the service IP).

    I then implemented the following function in an application server's start scripts (I think something similar can also be implemented as a post-event script in HACMP):

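    SERVICE_IP=10.1.1.1
    set_source_address ()
    {
        # Interface that currently carries the service IP (-F: match the dots literally)
        DESIRED_SRC_ENT=`netstat -in | grep -wF "$SERVICE_IP" | awk '{print $1}'`
        # Interface the default route currently points at
        ACTIVE_SRC_ENT=`netstat -r | grep ^default | awk '{print $6}'`
        if [ -n "$DESIRED_SRC_ENT" ]
        then
            if [ "$DESIRED_SRC_ENT" != "$ACTIVE_SRC_ENT" ]
            then
                # Repoint the default route at the interface holding the service IP
                /etc/route change 0 -if "$DESIRED_SRC_ENT"
            else
                echo "Source IP is ok"
            fi
        else
            echo "The service IP $SERVICE_IP not found configured on this node!"
        fi
    }

    set_source_address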
    #AIX-Forum
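Added example, not part of any post in this thread: a check of which source address the node will actually use toward a firewalled destination, and the bind-before-connect approach that ssh -b relies on. It assumes Python 3 is available on the node; the function names are hypothetical and the addresses in the demo are constructed (loopback stands in for the service IP so the block runs anywhere).

```python
import socket

def selected_source_ip(dest_ip, dest_port=9):
    """Source address the kernel picks for traffic to dest_ip.

    connect() on a UDP socket sends no packet; it only performs the route
    lookup and source-address selection, so it is safe to run at any time.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.connect((dest_ip, dest_port))
        return s.getsockname()[0]

def check_source(dest_ip, expected_src):
    """Compare the selected source with the address the firewall allows."""
    actual = selected_source_ip(dest_ip)
    return {"dest": dest_ip, "expected": expected_src,
            "actual": actual, "ok": actual == expected_src}

def pinned_source_ip(dest_ip, src_ip, dest_port=9):
    """Bind to src_ip before connecting, as 'ssh -b' does.

    Returns the source address in use, or None when src_ip is not
    configured on this node (for example on the standby node).
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        try:
            s.bind((src_ip, 0))
        except OSError:
            return None
        s.connect((dest_ip, dest_port))
        return s.getsockname()[0]

if __name__ == "__main__":
    # Constructed values: replace with the real service IP and a host
    # behind the firewall when running on a cluster node.
    SERVICE_IP = "127.0.0.1"
    DEST_IP = "127.0.0.1"
    result = check_source(DEST_IP, SERVICE_IP)
    print("default selection:", result)
    if not result["ok"]:
        print("firewall will see", result["actual"], "not", SERVICE_IP)
    print("pinned source:", pinned_source_ip(DEST_IP, SERVICE_IP))
```

Run after a takeover or from a post-event script, a result with "ok" false shows that outbound traffic to that destination is leaving with an address other than the one the firewall allows.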