Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Do we have any resource for base IP

Created: 12 Sep 2012 • Updated: 12 Sep 2012 | 6 comments
Zahid.Haseeb's picture

Environment

Solaris = 10

HA = 6.0

Please Note: qfe0 on both nodes with physical IP assigns and not VCS resource. This will be used for management like making the connection with hagui/java console. Second I did not assign any base IP/Physical IP on aggr1

Service Group resources = NIC

Now I want to use a resource which assigns a base IP to the interface aggr1. If I use an IP resource it can assign the IP but this is Virtual IP. The base IP shows empty. I want a resource which can assign a base IP to an interface. Example for reference what is happening:

# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
qfe0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 10
        inet 192.168.253.254 netmask ffff0000 broadcast 192.168.255.255
        ether 8:0:20:ea:2:2c
aggr1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 8
        inet 0.0.0.0 netmask ff000000 broadcast 0.255.255.255
        ether 0:3:ba:78:61:75
aggr1:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 8
        inet 192.168.253.253 netmask ffff0000 broadcast 192.168.255.255
 

Discussion Filed Under:

Comments 6 CommentsJump to latest comment

Paresh Bafna's picture

Hi,

IP, IPMultiNIC and IPMultiNICB agents are meant to monitor/manage virtual IP addresses. NIC, MultiNICA and MultiNICB agents are meant to monitor physical interface health.

NIC and MultiNICB agents expect base IP address to be available and up. For your use-case you can use MultiNICA agent which will plumb base IP address. You can configure MultiNICA resource with only one interface in Device list.

Typically virtual IP addresses are managed by VCS agents which are use by applications to communicate with external entities over network. These virtual IPs and applications can be failed over from one system to another one. With this scenario applications run seamlessly even in case of network failure on one node.

If you use MultiNICA agent to plumb base IP address on interface, you achieve is monitoring of interface. If interface aggr1 fails, MultiNICA resource will fault and base IP will not be failed over to any other interface or another system.

Recommended way to achieve HA for network is to have single/multiple physical interfaces configured with base IP address up and running. Configure VCS agent (*NIC*) to monitor health of physical interface. Configure corresponding IP* resource to manage/monitor virtual IP address that will be brought online on logical interface. This way even if one physical interface faults virtual IP will be failed over to another healthy interface (or to another system in cluster as applicable) and will be accessible seamlessly.

Hope this helps.

Thanks and Regards,

Paresh Bafna

Thanks and Regards,
Paresh Bafna

Zahid.Haseeb's picture

Thanks for your kind reply. Actually to ask the question has two things which I want to achive.

Question1: Some clients want to connect with my application which will be in HA environment.

This thing will be achive by virtual IP. Seem a below example

Clients=======>(Virtual IP) HA Application

Question2: This HA application will connect for request to external servers some time. When the HA application will try to do this(try connect to external servers). The virtual IP will not execute the request of HA application. The request will execute by base/physical ip of the active node. Suppose when the node failover to second node the same request will forward via second node base ip. This has two impacts

a.) The HA application cant connect via one IP with external servers.

b.) When request execute from one node and wait to come reply from external servers. At this time if the failover occur. The external server send back the request to the node where the request was initiated and the request did not find the HA application on that node because of this those request discarted.

        -One more thing. The external servers only allowed us one IP.

Seem a below example:

Clients=======>(Virtual IP) HA Application==========>External Servers

This is the actual problem thats why I want same physical IP on second node as well.

Any comment will be appreciated. Mark as Solution if your query is resolved
__________________
Thanks in Advance
Zahid Haseeb

zahidhaseeb.wordpress.com

Paresh Bafna's picture

Hi Zahid,

Your Question1 can be taken care by configuring IP resource for (Virtual IP). This (Virtual IP) will failover along with application so that clients can reach application via same (Virtual IP).

For Question2, we need details of application behavior.

When application failover from one node to another, application is brought down on one node and started on another node. Generally, any application will not remember that it sent request for some data to external servers and was waiting for response. Application will have to re-request data from external servers after failover (Unless application is specifically coded in a way where it remembers its previous state even after restart on another node).

If you could configure application to use a particular IP address to communicate to external servers then your problem can be solved by having multiple IP resources as below.

Clients=======> (VIP-1) HA Application (VIP-2) ==========>External Servers

This way when application failover to different node, VIP-2 also failover. This way application will always use same IP address to communicate to external servers.
This will take care of your requirement -

“The external servers only allowed us one IP.”

Still application will have to re-request for data from external servers if it failover after requesting data and before getting data.

Let us know if you have doubts.

Thanks and Regards,
Paresh Bafna

Thanks and Regards,
Paresh Bafna

Zahid.Haseeb's picture

As per question # 2

I dont want to hard code the IP under application.... Second is it possible that the request forcely send via VIP-2 to external servers ? As per my understanding if you have a base IP and a virtual IP on an interface, The request will be forward via base IP, not via VIP.

If the virtual IP can forward the request in the presence of base ip on an interface then it will be very best for me.

Any comment will be appreciated. Mark as Solution if your query is resolved
__________________
Thanks in Advance
Zahid Haseeb

zahidhaseeb.wordpress.com

Zahid.Haseeb's picture

Clients=======> (VIP-1) HA Application (VIP-2) ==========>External Servers

This way when application failover to different node, VIP-2 also failover. This way application will always use same IP address to communicate to external servers.
This will take care of your requirement -

....

is it possible that the request forcely send via VIP-2 to external servers ? As per my understanding if you have a base IP and a virtual IP on an interface, The request will be forward via base IP, not via VIP. ???

Any comment will be appreciated. Mark as Solution if your query is resolved
__________________
Thanks in Advance
Zahid Haseeb

zahidhaseeb.wordpress.com

Paresh Bafna's picture

Hi Zahid,

Typically, which IP address is used for outgoing connection depends on routing table.
For Solaris, route is added for every IP address that is brought up – base as well as virtual IP address.
Depending on ordering of routes outgoing IP address is selected.

For example, in the test performed below, there are multiple routes to 10.209.60.0 subnet. When routing table has route through virtual interface (bge0:3) displayed before physical/base interface (bge0) route, virtual IP address will be used for outgoing connections.

# netstat -rn

Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ---------- ---------
default 10.209.60.1 UG 1 6354
10.209.60.0 10.209.62.3 U 1 6 bge0:3
10.209.60.0 10.209.60.181 U 1 0 bge0
224.0.0.0 10.209.60.181 U 1 0 bge0
127.0.0.1 127.0.0.1 UH 5 38531 lo0

# netstat -an | grep 182
10.209.62.3.44662 10.209.60.182.22 49640 0 49640 0 ESTABLISHED

I have observed this behavior with VCS 6.0.1 and S10U9. I expect similar behavior with other updates as well.
If you are not seeing this behavior please open support case with Symantec in order to analyze this issue further.

Hope this helps.

Thanks and Regards,
Paresh Bafna

Thanks and Regards,
Paresh Bafna