Re: IP Address Overtaking
On Wed, 24 Jan 2001, Andreas Brodmann wrote:

> On normal internetworking hosts, without the necessity of high availability
> this works fine. Not all hosts do update or even flush their arp cache with
> the same frequency though. Some have a cycle of less than one minute on
> routers on the other hand the default arp cache timeout is a lot higher which
> would force clients not in the same subnet to wait until the router flushes
> its arp cache until they can access your FreeBSD machine again.
> -> not ha compliant.

The time it takes to flush is very small. During that time the router queues up the request and waits for a reply. Once the router has it, everything is transparent. I would not recommend playing with MAC addresses at all. Switch things using IP and let the ARP protocol take care of itself.

> There is a way to solve this problem by having a second interface in each
> cluster partner serving as standby interface. To this interface you assign
> the mac of its partner's interface and all its interfaces ip addresses.
>
> Just a hint: Have a look at scyld.com and Donald Becker's new Linux driver
> architecture. Many new cards allow for using more than one mac per card
> even without going into promiscuous mode. They can then be assigned to
> different subinterfaces. I don't know whether the FreeBSD drivers support
> this. Anyway we still keep to the old fashioned way mentioned above, as the
> new Linux network driver architecture is not yet as stable as it could be, but
> once it is this would solve your problem.

I think this is a bad idea in a clustering environment. You are taking the job of a switch and moving it to the card/software by fiddling with MAC addresses on the hosts. I guess I can see where this may be useful (trunking) but taking over the MAC could cause problems...like duplicate MAC's etc., etc.

Of course, this is my opinion and I could be wrong.

Nick Rogness
- Keep on routing in a Free World...
"FreeBSD: The Power to Serve " To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: IP Address Overtaking
> On normal internetworking hosts, without the necessity of high availability
> this works fine. Not all hosts do update or even flush their arp cache with
> the same frequency though. Some have a cycle of less than one minute on
> routers on the other hand the default arp cache timeout is a lot higher which
> would force clients not in the same subnet to wait until the router flushes
> its arp cache until they can access your FreeBSD machine again.

Hosts will not wait for the arp cache to expire because FreeBSD is broadcasting that mac address changed and all hosts must update their cache info if they want to be compliant with arp protocol. Check the arpspoof tool from the dsniff software, it is doing the same thing.

> There is a way to solve this problem by having a second interface in each cluster
> partner serving as standby interface. To this interface you assign the mac of
> its partner's interface and all its interfaces ip addresses.

Yes, you could do that if you are using hosts which are not compliant with arp protocol, but I don't plan to use such hosts, all unix boxes, routers and windows are compliant, so I don't see the reason to complicate things with the mac address changing, you rarely need this.

> Just a hint: Have a look at scyld.com and Donald Becker's new Linux driver
> architecture. Many new cards allow for using more than one mac per card
> even without going into promiscuous mode. They can then be assigned to
> different subinterfaces. I don't know whether the FreeBSD drivers support
> this. Anyway we still keep to the old fashioned way mentioned above, as the
> new Linux network driver architecture is not yet as stable as it could be, but
> once it is this would solve your problem.

You would probably have to change driver to support this for each card you plan to use. Again, I don't see any reason to overtake mac address.
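The cache update described in the message above (neighbours rebind an IP when an ARP packet announces a new MAC for it) is also what a monitor on the segment can observe. As an added example, not part of the original thread: a Python sketch that parses ARP payloads and classifies each binding change, so an expected failover can be told apart from two hosts contending for one address. The `ArpWatch` class, its labels, and all MAC and IP values are hypothetical and constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

def build_arp(op, sha, spa, tha, tpa):
    """Build a constructed 28-byte Ethernet/IPv4 ARP payload (RFC 826 layout)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + mac(sha)
            + IPv4Address(spa).packed + mac(tha) + IPv4Address(tpa).packed)

def parse_arp(payload):
    """Return (op, sender_mac, sender_ip, target_ip), or None if not Ethernet/IPv4 ARP."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or op not in (1, 2):
        return None
    return (op, payload[8:14].hex(":"), str(IPv4Address(payload[14:18])),
            str(IPv4Address(payload[24:28])))

class ArpWatch:
    """Hypothetical monitor: tracks IP-to-MAC bindings as a neighbour's cache would."""
    def __init__(self):
        self.bindings, self.history = {}, {}  # ip -> current MAC; ip -> MACs seen
    def observe(self, payload):
        parsed = parse_arp(payload)
        if parsed is None or parsed[2] == "0.0.0.0":  # malformed, or address probe
            return "ignored"
        _, sha, spa, tpa = parsed
        old = self.bindings.get(spa)
        seen = self.history.setdefault(spa, [])
        self.bindings[spa] = sha
        if old == sha:
            return "unchanged"
        returning = sha in seen  # this MAC held the IP before: hosts are contending
        seen.append(sha)
        if old is None:
            return "new"
        if returning:
            return "flip-flop"
        # Sender IP == target IP is a gratuitous announcement, as sent on failover.
        return "moved-gratuitous" if spa == tpa else "moved"

# Constructed sample: virtual IP moves from node A to node B, then A claims it again.
A, B, VIP, GW = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "192.0.2.10", "192.0.2.1"
SAMPLE = [build_arp(2, A, VIP, "02:00:00:00:00:01", GW),
          build_arp(1, B, VIP, "00:00:00:00:00:00", VIP),
          build_arp(2, A, VIP, "02:00:00:00:00:01", GW)]
watch = ArpWatch()
print([watch.observe(p) for p in SAMPLE])
```

A single gratuitous move matches a planned takeover; a binding that keeps returning to an earlier MAC means two stations are answering for the same address and is worth an alert.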
Re: IP Address Overtaking
> > just a suggestion: In production environments it is a must to also
> > take over the cluster partner's mac address. Something that
> > would make a nice plus to your script.
>
> I was thinking about that I don't see that this is a must in production
> environment because when you assign a new virtual address to the interface
> broadcast is done and all hosts that have that ip in the arp cache are
> updated. It is clearly stated in arp protocol that ip address can be moved
> from host to host, that is why arp spoofing works.

On normal internetworking hosts, without the necessity of high availability this works fine. Not all hosts do update or even flush their arp cache with the same frequency though. Some have a cycle of less than one minute on routers on the other hand the default arp cache timeout is a lot higher which would force clients not in the same subnet to wait until the router flushes its arp cache until they can access your FreeBSD machine again.
-> not ha compliant.

> The problem with mac address is that you can have only one per interface and
> I would like to have more virtual addresses per interface. If I wanted to
> have five ip addresses per host I would need to have five mac addresses at
> the same time on the same interface which is as far as I know not so
> possible, especially using only shell tools.

There is a way to solve this problem by having a second interface in each cluster partner serving as standby interface. To this interface you assign the mac of its partner's interface and all its interfaces ip addresses.

Just a hint: Have a look at scyld.com and Donald Becker's new Linux driver architecture. Many new cards allow for using more than one mac per card even without going into promiscuous mode. They can then be assigned to different subinterfaces. I don't know whether the FreeBSD drivers support this.

Anyway we still keep to the old fashioned way mentioned above, as the new Linux network driver architecture is not yet as stable as it could be, but once it is this would solve your problem.

Regards,
Andreas
--- switch
Re: IP Address Overtaking
> just a suggestion: In production environments it is a must to also
> take over the cluster partner's mac address. Something that
> would make a nice plus to your script.

I was thinking about that I don't see that this is a must in production environment because when you assign a new virtual address to the interface broadcast is done and all hosts that have that ip in the arp cache are updated. It is clearly stated in arp protocol that ip address can be moved from host to host, that is why arp spoofing works.

The problem with mac address is that you can have only one per interface and I would like to have more virtual addresses per interface. If I wanted to have five ip addresses per host I would need to have five mac addresses at the same time on the same interface which is as far as I know not so possible, especially using only shell tools.
Re: IP Address Overtaking
Hi Dejvid,

just a suggestion: In production environments it is a must to also take over the cluster partner's mac address. Something that would make a nice plus to your script.

Regards,
Andreas
--- switch
Re: IP Address Overtaking
On Tuesday, January 23, 2001, Dejvid Zaninovic wrote:

> I could not find any non-commercial IP Address overtaking solution for
> FreeBSD so I wrote this simple shell script. If you find it useful you can
> use it.

Just a note: This script doesn't look like it implements anything that our own /bin/sh needs. Should somebody make this into a port, that's one less dependency.

--
+-------------------+------------------------------------------+
| Chris Costello    | Herblock's Law:                          |
| [EMAIL PROTECTED] | If it is good, they will stop making it. |
+-------------------+------------------------------------------+
Re: IP Address Overtaking
> > What is "IP Address
> > overtaking"?
>
> It is a way to move IP address from one host to another, it is used for
> redundancy purposes. If one host goes down the second take over.

Commonly referred to as "IP failover".

--
... every activity meets with opposition, everyone who acts has his rivals and unfortunately opponents also. But not because people want to be opponents, rather because the tasks and relationships force people to take different points of view.
[Dr. Fritz Todt]
V I C T O R Y   N O T   V E N G E A N C E
RE: IP Address Overtaking
Server B takes over a virtual IP address of server A when server A fails.

-----Original Message-----
From: Dan Langille [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 23, 2001 12:31 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: IP Address Overtaking

DZ wrote:

> I could not find any non-commercial IP Address overtaking solution for
> FreeBSD so I wrote this simple shell script. If you find it useful you can
> use it.

What is "IP Address overtaking"?

-
This message was sent using Endymion MailMan.
http://www.endymion.com/products/mailman/
RE: IP Address Overtaking
> What is "IP Address
> overtaking"?

It is a way to move IP address from one host to another, it is used for redundancy purposes. If one host goes down the second take over.
Re: IP Address Overtaking
DZ wrote:

> I could not find any non-commercial IP Address overtaking solution for
> FreeBSD so I wrote this simple shell script. If you find it useful you can
> use it.

What is "IP Address overtaking"?