Please login or register. November 22, 2017, 04:31:14 PM

Author Topic: problem with ip address  (Read 9823 times)

0 Members and 1 Guest are viewing this topic.

Val

  • New Member
  • *
  • Posts: 2
  • Karma: +0/-0
problem with ip address
« on: March 26, 2007, 09:20:18 AM »
i apologize for my bad english ^_^
i have a problem with a my customer:

he has 2 p570 lpar in hacmp (v 5.3) on aix 5.3 but a little problem with ip addresses:

Quote
en0: flags=1e080863,480<up,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT,CHECKSUM_OFFLOAD(ACTIVE),CHAIN>
inet 192.168.6.2 netmask 0xffffff00 broadcast 192.168.6.255
inet 10.171.36.23 netmask 0xffffff00 broadcast 10.171.36.255
tcp_sendspace 262144 tcp_recvspace 262144 rfc1323 1

en1: flags=1e080863,480<up,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT,CHECKSUM_OFFLOAD(ACTIVE),CHAIN>
inet 192.168.7.2 netmask 0xffffff00 broadcast 192.168.7.255
inet 10.171.36.11 netmask 0xffffff00 broadcast 10.171.36.255
tcp_sendspace 262144 tcp_recvspace 262144 rfc1323 1

Quote
Routing tables
Destination Gateway Flags Refs Use If Exp Groups

Route Tree for Protocol Family 2 (Internet):
default 10.171.36.254 UG 8 84245 en1 - -
10.171.36.0 10.171.36.11 UHSb 0 0 en1 - - =>
10.171.36.0 10.171.36.23 UHSb 0 0 en0 - - =>
10.171.36/24 10.171.36.11 U 2 171507 en1 - - =>
10.171.36/24 10.171.36.23 U 0 128791 en0 - -
10.171.36.11 127.0.0.1 UGHS 0 0 lo0 - -
10.171.36.23 127.0.0.1 UGHS 0 8 lo0 - -
10.171.36.255 10.171.36.11 UHSb 0 0 en1 - - =>
10.171.36.255 10.171.36.23 UHSb 0 0 en0 - -
127/8 127.0.0.1 U 11 55959 lo0 - -
192.168.6.0 192.168.6.2 UHSb 0 0 en0 - - =>
192.168.6/24 192.168.6.2 U 2 72080 en0 - -
192.168.6.2 127.0.0.1 UGHS 0 12896 lo0 - -
192.168.6.255 192.168.6.2 UHSb 0 272 en0 - -
192.168.7.0 192.168.7.2 UHSb 0 0 en1 - - =>
192.168.7/24 192.168.7.2 U 2 77526 en1 - -
192.168.7.2 127.0.0.1 UGHS 2 29401 lo0 - -
192.168.7.255 192.168.7.2 UHSb 0 272 en1 - -

Route Tree for Protocol Family 24 (Internet v6):
::1 ::1 UH 0 0 lo0 - -

where:
192.168 are the standby ip adresses;
10.171.36.254 is the default gateway:
10.171.36.9 is the persistent ip address;
10.171.36.19 is the service ip address;

the problem is:
the final user uses 10.171.36.19 for application but application reply by 10.171.36.9 and for the firewall is a trouble...

so is possible get a reply from an aix server from the same ip address used for a request?

who uses 10.171.36.23 should receive a reply from 10.171.36.23
who uses 10.171.36.11 should receive a reply from 10.171.36.11

tnx in advance
Stefano

Michael

  • Administrator
  • Hero Member
  • *****
  • Posts: 1054
  • Karma: +0/-0
Re: problem with ip address
« Reply #1 on: March 26, 2007, 02:51:53 PM »
1) A persistent address should be seen as a maintenance address. As best practice, it should not be in the service address range. The idea is that when active HACMP will make sure that address is available on a working interface.
2) The behavior you are seeing, from my experience, is a TCPIP behavior 'problem'. The IP header takes the address of the interface it uses to depart (becomes the packet IP Source Address). So, while the Service Address is used to route the package into the cluster node, the "reply" is using the interface with persistent address (or both address are on one interface and then IP decides which one to use as it assembles the package for the response).

** recommendation: use persistent address in a seperate IP network range, perhaps private (192.168.*.*, 172.16-31.*.*, or 10.*.*.* - keeping the IP netmask (255.255.255.0 in this case) regardless of the network address chosen.

Val

  • New Member
  • *
  • Posts: 2
  • Karma: +0/-0
Re: problem with ip address
« Reply #2 on: March 26, 2007, 03:01:53 PM »
** recommendation: use persistent address in a seperate IP network range, perhaps private (192.168.*.*, 172.16-31.*.*, or 10.*.*.* - keeping the IP netmask (255.255.255.0 in this case) regardless of the network address chosen.

tnx for your reply
i already thought this, but hacmp request that service ip and persistent ip were in the same logical subnet...

Michael

  • Administrator
  • Hero Member
  • *****
  • Posts: 1054
  • Karma: +0/-0
Re: problem with ip address
« Reply #3 on: March 26, 2007, 03:22:17 PM »
I guess I'll have to review my course notes. I am sure I teach it as I mention it here.

I think the persistent address may be in the same subnet as the interface addresses, or may be different. Again, from memory, it should NOT be in the service address range.

The bigger problem MAY be when you have two applications in the same IP network and you have a stated firewall. In that case, you still have a problem.

Huh? Well, rather than saying it is a persistent address, say that is the service address of Application_2. And you have a problem again - maybe. (The firewall might not be stated, but only setup to pass service addresses).

But, to get back to what I consider a "best practice" for persistent addresses is to remember it is not meant to be used as a "service" address, but as a address that will persist (be available) for the node even when HACMP is down (once the node is syncronized, the persistent address gets put into the ODM and 'generally' is available once the node boots. If the interface it is on fails and HACMP is operating, HACMP moves the persistent address to a working interface.

Michael

  • Administrator
  • Hero Member
  • *****
  • Posts: 1054
  • Karma: +0/-0
Re: problem with ip address
« Reply #4 on: March 26, 2007, 04:45:17 PM »
So, a quick review finds these notes regarding the "service" and "non-service" addresses.

    Service interface: A communications interface configured with a service IP
    label / address (either by alias or replacement).
    Non-service interface: A communications interface not configured with a
    service IP label / address. Used as a potential location for a service IP label /
    address.
    Persistent IP label / address: An IP label / address, defined as an alias to
    an interface, which stays on a single node and is kept available on that node
    by HACMP.

My additional comments:
    A persistent address is a non-service address.
    The important distinction is that non-service addresses are stored in AIX ODM whereas service addresses are stored in HACMP ODM and are only available when the assosciated resource group is active.
    Service/Non-service terminalogy replaces the old (pre HACMP 5) service, boot and standby interface naming conventions.