Mailing List Archive: Linux-HA: Users

IP Clone

Index | Next | Previous | View Threaded

Yount.William at menloworldwide

Aug 16, 2012, 7:09 PM

Post #1 of 23 (562 views)
Permalink

IP Clone

I have two servers. I am using pacemaker/cman(corosync). I am trying to share an IP address between them. I would like the IP address to run on both servers at the same time. However, my testing has shown that the IP address stays locked onto Server2. If I put Server2 in standby, then the IP address is no longer reachable even though it shows it is running on Server1. I was wondering if anyone could spot the reason why in the configuration below:

<cib epoch="1177" num_updates="0" admin_epoch="0" validate-with="pacemaker-1.2" cib-last-written="Thu Aug 16 20:49:46 2012" crm_feature_set="3.0.6" update-origin="Server2" update-client="crmd" have-quorum="1" dc-uuid=" Server1">
<configuration>
<crm_config>
<cluster_property_set id="cib-bootstrap-options">
<nvpair id="cib-bootstrap-options-dc-version" name="dc-version" value="1.1.7-6.el6-148fccfd5985c5590cc601123c6c16e966b85d14"/>
<nvpair id="cib-bootstrap-options-cluster-infrastructure" name="cluster-infrastructure" value="cman"/>
<nvpair id="cib-bootstrap-options-expected-quorum-votes" name="expected-quorum-votes" value="2"/>
<nvpair id="cib-bootstrap-options-stonith-enabled" name="stonith-enabled" value="false"/>
<nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
<nvpair id="cib-bootstrap-options-last-lrm-refresh" name="last-lrm-refresh" value="1345168331"/>
</cluster_property_set>
</crm_config>
<nodes>
<node id=" Server1" type="normal" uname="Server1">
<instance_attributes id="nodes-Server1">
<nvpair id="nodes- Server1-standby" name="standby" value="off"/>
</instance_attributes>
</node>
<node id="Server2" type="normal" uname="Server2">
<instance_attributes id="nodes-Server2">
<nvpair id="nodes- Server2-standby" name="standby" value="off"/>
</instance_attributes>
</node>
</nodes>
<resources>
<clone id="cl_IPaddr2_1">
<meta_attributes id="cl_IPaddr2_1-meta_attributes">
<nvpair id="cl_IPaddr2_1-meta_attributes-clone-max" name="clone-max" value="2"/>
<nvpair id="cl_IPaddr2_1-meta_attributes-notify" name="notify" value="true"/>
<nvpair id="cl_IPaddr2_1-meta_attributes-interleave" name="interleave" value="true"/>
</meta_attributes>
<primitive id="res_IPaddr2_1" class="ocf" provider="heartbeat" type="IPaddr2">
<instance_attributes id="res_IPaddr2_1-instance_attributes">
<nvpair id="nvpair-res_IPaddr2_1-ip" name="ip" value="10.89.99.30"/>
<nvpair id="nvpair-res_IPaddr2_1-cidr_netmask" name="cidr_netmask" value="22"/>
</instance_attributes>
<operations id="res_IPaddr2_1-operations">
<op interval="0" id="op-res_IPaddr2_1-start" name="start" timeout="20"/>
<op interval="0" id="op-res_IPaddr2_1-stop" name="stop" timeout="20"/>
<op id="op-res_IPaddr2_1-monitor" name="monitor" interval="10" timeout="20" start-delay="0"/>
</operations>
<meta_attributes id="res_IPaddr2_1-meta_attributes"/>
</primitive>
</clone>
</resources>
<constraints/>
<op_defaults>
<meta_attributes id="op-options">
<nvpair id="op-options-timeout" name="timeout" value="240s"/>
</meta_attributes>
</op_defaults>
<rsc_defaults>
<meta_attributes id="rsc-options">
<nvpair id="rsc-options-resource-stickiness" name="resource-stickiness" value="100"/>
</meta_attributes>
</rsc_defaults>
</configuration>
</cib>

Thanks,
William
_______________________________________________
Linux-HA mailing list
Linux-HA [at] lists
http://lists.linux-ha.org/mailman/listinfo/linux-ha
See also: http://linux-ha.org/ReportingProblems

Yount.William at menloworldwide

Aug 20, 2012, 2:19 PM

Post #2 of 23 (531 views)
Permalink

Re: IP Clone [In reply to]

No ideas?

-----Original Message-----
From: linux-ha-bounces [at] lists [mailto:linux-ha-bounces [at] lists] On Behalf Of Yount, William D
Sent: Thursday, August 16, 2012 9:09 PM
To: linux-ha [at] lists
Subject: [Linux-HA] IP Clone

I have two servers. I am using pacemaker/cman(corosync). I am trying to share an IP address between them. I would like the IP address to run on both servers at the same time. However, my testing has shown that the IP address stays locked onto Server2. If I put Server2 in standby, then the IP address is no longer reachable even though it shows it is running on Server1. I was wondering if anyone could spot the reason why in the configuration below:

<cib epoch="1177" num_updates="0" admin_epoch="0" validate-with="pacemaker-1.2" cib-last-written="Thu Aug 16 20:49:46 2012" crm_feature_set="3.0.6" update-origin="Server2" update-client="crmd" have-quorum="1" dc-uuid=" Server1">
<configuration>
<crm_config>
<cluster_property_set id="cib-bootstrap-options">
<nvpair id="cib-bootstrap-options-dc-version" name="dc-version" value="1.1.7-6.el6-148fccfd5985c5590cc601123c6c16e966b85d14"/>
<nvpair id="cib-bootstrap-options-cluster-infrastructure" name="cluster-infrastructure" value="cman"/>
<nvpair id="cib-bootstrap-options-expected-quorum-votes" name="expected-quorum-votes" value="2"/>
<nvpair id="cib-bootstrap-options-stonith-enabled" name="stonith-enabled" value="false"/>
<nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
<nvpair id="cib-bootstrap-options-last-lrm-refresh" name="last-lrm-refresh" value="1345168331"/>
</cluster_property_set>
</crm_config>
<nodes>
<node id=" Server1" type="normal" uname="Server1">
<instance_attributes id="nodes-Server1">
<nvpair id="nodes- Server1-standby" name="standby" value="off"/>
</instance_attributes>
</node>
<node id="Server2" type="normal" uname="Server2">
<instance_attributes id="nodes-Server2">
<nvpair id="nodes- Server2-standby" name="standby" value="off"/>
</instance_attributes>
</node>
</nodes>
<resources>
<clone id="cl_IPaddr2_1">
<meta_attributes id="cl_IPaddr2_1-meta_attributes">
<nvpair id="cl_IPaddr2_1-meta_attributes-clone-max" name="clone-max" value="2"/>
<nvpair id="cl_IPaddr2_1-meta_attributes-notify" name="notify" value="true"/>
<nvpair id="cl_IPaddr2_1-meta_attributes-interleave" name="interleave" value="true"/>
</meta_attributes>
<primitive id="res_IPaddr2_1" class="ocf" provider="heartbeat" type="IPaddr2">
<instance_attributes id="res_IPaddr2_1-instance_attributes">
<nvpair id="nvpair-res_IPaddr2_1-ip" name="ip" value="10.89.99.30"/>
<nvpair id="nvpair-res_IPaddr2_1-cidr_netmask" name="cidr_netmask" value="22"/>
</instance_attributes>
<operations id="res_IPaddr2_1-operations">
<op interval="0" id="op-res_IPaddr2_1-start" name="start" timeout="20"/>
<op interval="0" id="op-res_IPaddr2_1-stop" name="stop" timeout="20"/>
<op id="op-res_IPaddr2_1-monitor" name="monitor" interval="10" timeout="20" start-delay="0"/>
</operations>
<meta_attributes id="res_IPaddr2_1-meta_attributes"/>
</primitive>
</clone>
</resources>
<constraints/>
<op_defaults>
<meta_attributes id="op-options">
<nvpair id="op-options-timeout" name="timeout" value="240s"/>
</meta_attributes>
</op_defaults>
<rsc_defaults>
<meta_attributes id="rsc-options">
<nvpair id="rsc-options-resource-stickiness" name="resource-stickiness" value="100"/>
</meta_attributes>
</rsc_defaults>
</configuration>
</cib>

Thanks,
William
_______________________________________________
Linux-HA mailing list
Linux-HA [at] lists
http://lists.linux-ha.org/mailman/listinfo/linux-ha
See also: http://linux-ha.org/ReportingProblems
_______________________________________________
Linux-HA mailing list
Linux-HA [at] lists
http://lists.linux-ha.org/mailman/listinfo/linux-ha
See also: http://linux-ha.org/ReportingProblems

David_Lang at Intuit

Aug 20, 2012, 2:22 PM

Post #3 of 23 (520 views)
Permalink

Re: IP Clone [In reply to]

to have the same IP on both systems at the same time, you need to use something
like CLUSTERIP

David Lang

On Mon, 20 Aug 2012, Yount, William D wrote:

> Date: Mon, 20 Aug 2012 14:19:59 -0700
> From: "Yount, William D" <Yount.William [at] menloworldwide>
> Reply-To: General Linux-HA mailing list <linux-ha [at] lists>
> To: General Linux-HA mailing list <linux-ha [at] lists>
> Subject: Re: [Linux-HA] IP Clone
>
> No ideas?
>
> -----Original Message-----
> From: linux-ha-bounces [at] lists [mailto:linux-ha-bounces [at] lists] On Behalf Of Yount, William D
> Sent: Thursday, August 16, 2012 9:09 PM
> To: linux-ha [at] lists
> Subject: [Linux-HA] IP Clone
>
> I have two servers. I am using pacemaker/cman(corosync). I am trying to share an IP address between them. I would like the IP address to run on both servers at the same time. However, my testing has shown that the IP address stays locked onto Server2. If I put Server2 in standby, then the IP address is no longer reachable even though it shows it is running on Server1. I was wondering if anyone could spot the reason why in the configuration below:
>
> <cib epoch="1177" num_updates="0" admin_epoch="0" validate-with="pacemaker-1.2" cib-last-written="Thu Aug 16 20:49:46 2012" crm_feature_set="3.0.6" update-origin="Server2" update-client="crmd" have-quorum="1" dc-uuid=" Server1">
> <configuration>
> <crm_config>
> <cluster_property_set id="cib-bootstrap-options">
> <nvpair id="cib-bootstrap-options-dc-version" name="dc-version" value="1.1.7-6.el6-148fccfd5985c5590cc601123c6c16e966b85d14"/>
> <nvpair id="cib-bootstrap-options-cluster-infrastructure" name="cluster-infrastructure" value="cman"/>
> <nvpair id="cib-bootstrap-options-expected-quorum-votes" name="expected-quorum-votes" value="2"/>
> <nvpair id="cib-bootstrap-options-stonith-enabled" name="stonith-enabled" value="false"/>
> <nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
> <nvpair id="cib-bootstrap-options-last-lrm-refresh" name="last-lrm-refresh" value="1345168331"/>
> </cluster_property_set>
> </crm_config>
> <nodes>
> <node id=" Server1" type="normal" uname="Server1">
> <instance_attributes id="nodes-Server1">
> <nvpair id="nodes- Server1-standby" name="standby" value="off"/>
> </instance_attributes>
> </node>
> <node id="Server2" type="normal" uname="Server2">
> <instance_attributes id="nodes-Server2">
> <nvpair id="nodes- Server2-standby" name="standby" value="off"/>
> </instance_attributes>
> </node>
> </nodes>
> <resources>
> <clone id="cl_IPaddr2_1">
> <meta_attributes id="cl_IPaddr2_1-meta_attributes">
> <nvpair id="cl_IPaddr2_1-meta_attributes-clone-max" name="clone-max" value="2"/>
> <nvpair id="cl_IPaddr2_1-meta_attributes-notify" name="notify" value="true"/>
> <nvpair id="cl_IPaddr2_1-meta_attributes-interleave" name="interleave" value="true"/>
> </meta_attributes>
> <primitive id="res_IPaddr2_1" class="ocf" provider="heartbeat" type="IPaddr2">
> <instance_attributes id="res_IPaddr2_1-instance_attributes">
> <nvpair id="nvpair-res_IPaddr2_1-ip" name="ip" value="10.89.99.30"/>
> <nvpair id="nvpair-res_IPaddr2_1-cidr_netmask" name="cidr_netmask" value="22"/>
> </instance_attributes>
> <operations id="res_IPaddr2_1-operations">
> <op interval="0" id="op-res_IPaddr2_1-start" name="start" timeout="20"/>
> <op interval="0" id="op-res_IPaddr2_1-stop" name="stop" timeout="20"/>
> <op id="op-res_IPaddr2_1-monitor" name="monitor" interval="10" timeout="20" start-delay="0"/>
> </operations>
> <meta_attributes id="res_IPaddr2_1-meta_attributes"/>
> </primitive>
> </clone>
> </resources>
> <constraints/>
> <op_defaults>
> <meta_attributes id="op-options">
> <nvpair id="op-options-timeout" name="timeout" value="240s"/>
> </meta_attributes>
> </op_defaults>
> <rsc_defaults>
> <meta_attributes id="rsc-options">
> <nvpair id="rsc-options-resource-stickiness" name="resource-stickiness" value="100"/>
> </meta_attributes>
> </rsc_defaults>
> </configuration>
> </cib>
>
>
> Thanks,
> William
> _______________________________________________
> Linux-HA mailing list
> Linux-HA [at] lists
> http://lists.linux-ha.org/mailman/listinfo/linux-ha
> See also: http://linux-ha.org/ReportingProblems
> _______________________________________________
> Linux-HA mailing list
> Linux-HA [at] lists
> http://lists.linux-ha.org/mailman/listinfo/linux-ha
> See also: http://linux-ha.org/ReportingProblems
>
_______________________________________________
Linux-HA mailing list
Linux-HA [at] lists
http://lists.linux-ha.org/mailman/listinfo/linux-ha
See also: http://linux-ha.org/ReportingProblems

dmaziuk at bmrb

Aug 20, 2012, 2:56 PM

Post #4 of 23 (531 views)
Permalink

Re: IP Clone [In reply to]

On 08/20/2012 04:19 PM, Yount, William D wrote:
> No ideas?

You lost me at "I would like the IP address to run on both servers at
the same time" -- IME pacemaker not letting you do that is a feature.

--
Dimitri Maziuk
Programmer/sysadmin
BioMagResBank, UW-Madison -- http://www.bmrb.wisc.edu

Attachments:

signature.asc (0.25 KB)

Yount.William at menloworldwide

Aug 20, 2012, 3:01 PM

Post #5 of 23 (530 views)
Permalink

Re: IP Clone [In reply to]

I am trying to set up an Active/Active cluster. I have an Active/Passive cluster up and running.

I don't understand how it could be called an Active/Active cluster if you aren't allowed to run the IP address on two servers at once. Even if all other services are running on two servers at once, only one server is available at a time.

I am trying to set this up in a VM environment. My VM nodes have to look for their VM storage on an IP address. They can't really bounce back and forth between two IP addresses, at least not automatically.

-----Original Message-----
From: linux-ha-bounces [at] lists [mailto:linux-ha-bounces [at] lists] On Behalf Of Dimitri Maziuk
Sent: Monday, August 20, 2012 4:56 PM
To: linux-ha [at] lists
Subject: Re: [Linux-HA] IP Clone

On 08/20/2012 04:19 PM, Yount, William D wrote:
> No ideas?

You lost me at "I would like the IP address to run on both servers at the same time" -- IME pacemaker not letting you do that is a feature.

--
Dimitri Maziuk
Programmer/sysadmin
BioMagResBank, UW-Madison -- http://www.bmrb.wisc.edu

_______________________________________________
Linux-HA mailing list
Linux-HA [at] lists
http://lists.linux-ha.org/mailman/listinfo/linux-ha
See also: http://linux-ha.org/ReportingProblems

dmaziuk at bmrb

Aug 20, 2012, 3:49 PM

Post #6 of 23 (530 views)
Permalink

Re: IP Clone [In reply to]

On 08/20/2012 05:01 PM, Yount, William D wrote:
> I am trying to set up an Active/Active cluster. I have an
Active/Passive cluster up and running.

I don't remember seeing a clear explanation of when, where, and why
you'd actually want an active/active cluster. I never needed one myself,
so can't really help you there.

> I don't understand how it could be called an Active/Active cluster
> if you aren't allowed to run the IP address on two servers at once.

You are not allowed to run the IP address on two servers at once, full
stop. Complain to Rob Kahn and Vint Cerf.

--
Dimitri Maziuk
Programmer/sysadmin
BioMagResBank, UW-Madison -- http://www.bmrb.wisc.edu

Attachments:

signature.asc (0.25 KB)

Yount.William at menloworldwide

Aug 20, 2012, 3:54 PM

Post #7 of 23 (531 views)
Permalink

Re: IP Clone [In reply to]

No, no complaining. Just glad to get a definitive answer on it. Active/Active made me think something that I guess isn't true. No worries. Honestly, thanks for the reply. Without you, I would have kept trying and trying and trying.

-----Original Message-----
From: linux-ha-bounces [at] lists [mailto:linux-ha-bounces [at] lists] On Behalf Of Dimitri Maziuk
Sent: Monday, August 20, 2012 5:50 PM
To: linux-ha [at] lists
Subject: Re: [Linux-HA] IP Clone

On 08/20/2012 05:01 PM, Yount, William D wrote:
> I am trying to set up an Active/Active cluster. I have an
Active/Passive cluster up and running.

I don't remember seeing a clear explanation of when, where, and why you'd actually want an active/active cluster. I never needed one myself, so can't really help you there.

> I don't understand how it could be called an Active/Active cluster if
> you aren't allowed to run the IP address on two servers at once.

You are not allowed to run the IP address on two servers at once, full stop. Complain to Rob Kahn and Vint Cerf.

--
Dimitri Maziuk
Programmer/sysadmin
BioMagResBank, UW-Madison -- http://www.bmrb.wisc.edu

_______________________________________________
Linux-HA mailing list
Linux-HA [at] lists
http://lists.linux-ha.org/mailman/listinfo/linux-ha
See also: http://linux-ha.org/ReportingProblems

David_Lang at Intuit

Aug 20, 2012, 4:01 PM

Post #8 of 23 (518 views)
Permalink

Re: IP Clone [In reply to]

Dimitri Maziuk said:

>On 08/20/2012 05:01 PM, Yount, William D wrote:
>> I am trying to set up an Active/Active cluster. I have an
>> Active/Passive cluster up and running.
>
> I don't remember seeing a clear explanation of when, where, and why
> you'd actually want an active/active cluster. I never needed one myself,
> so can't really help you there.

you need an active/active cluster when the load is too heavy for a single box to
handle it.

>> I don't understand how it could be called an Active/Active cluster
>> if you aren't allowed to run the IP address on two servers at once.
>
> You are not allowed to run the IP address on two servers at once, full
> stop. Complain to Rob Kahn and Vint Cerf.

This is not true. It is possible to run the same IP address on two servers at
the same time. CLUSTERIP is the way to do it for load sharing in one network.
ANYCAST is the approach you would use to distribute the work across different
datacenters.

ANYCAST has severe limitations on what you can do with it, but CLUSTERIP is far
more flexible and can work in just about any local active/active problem.

David Lang
_______________________________________________
Linux-HA mailing list
Linux-HA [at] lists
http://lists.linux-ha.org/mailman/listinfo/linux-ha
See also: http://linux-ha.org/ReportingProblems

andrew at beekhof

Aug 20, 2012, 5:32 PM

Post #9 of 23 (530 views)
Permalink

Re: IP Clone [In reply to]

On Tue, Aug 21, 2012 at 8:49 AM, Dimitri Maziuk <dmaziuk [at] bmrb> wrote:
> On 08/20/2012 05:01 PM, Yount, William D wrote:
>> I am trying to set up an Active/Active cluster. I have an
> Active/Passive cluster up and running.
>
> I don't remember seeing a clear explanation of when, where, and why
> you'd actually want an active/active cluster. I never needed one myself,
> so can't really help you there.
>
>> I don't understand how it could be called an Active/Active cluster
>> if you aren't allowed to run the IP address on two servers at once.
>
> You are not allowed to run the IP address on two servers at once, full
> stop. Complain to Rob Kahn and Vint Cerf.

Thats not strictly true.
But you do need some fun iptables rules to ensure requests only make
it through to a single machine (eg. by using a hash function to sort
requests into 1 of N "buckets").
Its a poor-mans load balancer.

IPaddr2 has such functionality.
_______________________________________________
Linux-HA mailing list
Linux-HA [at] lists
http://lists.linux-ha.org/mailman/listinfo/linux-ha
See also: http://linux-ha.org/ReportingProblems

andrew at beekhof

Aug 20, 2012, 5:35 PM

Post #10 of 23 (530 views)
Permalink

Re: IP Clone [In reply to]

On Fri, Aug 17, 2012 at 12:09 PM, Yount, William D
<Yount.William [at] menloworldwide> wrote:
> I have two servers. I am using pacemaker/cman(corosync). I am trying to share an IP address between them. I would like the IP address to run on both servers at the same time. However, my testing has shown that the IP address stays locked onto Server2. If I put Server2 in standby, then the IP address is no longer reachable even though it shows it is running on Server1. I was wondering if anyone could spot the reason why in the configuration below:

You haven't enabled notifications for the clone.
These are needed to tell the surviving clone instance that it should
handle the bucket previous "owned" by the instance that was just
stopped.

>
> <cib epoch="1177" num_updates="0" admin_epoch="0" validate-with="pacemaker-1.2" cib-last-written="Thu Aug 16 20:49:46 2012" crm_feature_set="3.0.6" update-origin="Server2" update-client="crmd" have-quorum="1" dc-uuid=" Server1">
> <configuration>
> <crm_config>
> <cluster_property_set id="cib-bootstrap-options">
> <nvpair id="cib-bootstrap-options-dc-version" name="dc-version" value="1.1.7-6.el6-148fccfd5985c5590cc601123c6c16e966b85d14"/>
> <nvpair id="cib-bootstrap-options-cluster-infrastructure" name="cluster-infrastructure" value="cman"/>
> <nvpair id="cib-bootstrap-options-expected-quorum-votes" name="expected-quorum-votes" value="2"/>
> <nvpair id="cib-bootstrap-options-stonith-enabled" name="stonith-enabled" value="false"/>
> <nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
> <nvpair id="cib-bootstrap-options-last-lrm-refresh" name="last-lrm-refresh" value="1345168331"/>
> </cluster_property_set>
> </crm_config>
> <nodes>
> <node id=" Server1" type="normal" uname="Server1">
> <instance_attributes id="nodes-Server1">
> <nvpair id="nodes- Server1-standby" name="standby" value="off"/>
> </instance_attributes>
> </node>
> <node id="Server2" type="normal" uname="Server2">
> <instance_attributes id="nodes-Server2">
> <nvpair id="nodes- Server2-standby" name="standby" value="off"/>
> </instance_attributes>
> </node>
> </nodes>
> <resources>
> <clone id="cl_IPaddr2_1">
> <meta_attributes id="cl_IPaddr2_1-meta_attributes">
> <nvpair id="cl_IPaddr2_1-meta_attributes-clone-max" name="clone-max" value="2"/>
> <nvpair id="cl_IPaddr2_1-meta_attributes-notify" name="notify" value="true"/>
> <nvpair id="cl_IPaddr2_1-meta_attributes-interleave" name="interleave" value="true"/>
> </meta_attributes>
> <primitive id="res_IPaddr2_1" class="ocf" provider="heartbeat" type="IPaddr2">
> <instance_attributes id="res_IPaddr2_1-instance_attributes">
> <nvpair id="nvpair-res_IPaddr2_1-ip" name="ip" value="10.89.99.30"/>
> <nvpair id="nvpair-res_IPaddr2_1-cidr_netmask" name="cidr_netmask" value="22"/>
> </instance_attributes>
> <operations id="res_IPaddr2_1-operations">
> <op interval="0" id="op-res_IPaddr2_1-start" name="start" timeout="20"/>
> <op interval="0" id="op-res_IPaddr2_1-stop" name="stop" timeout="20"/>
> <op id="op-res_IPaddr2_1-monitor" name="monitor" interval="10" timeout="20" start-delay="0"/>
> </operations>
> <meta_attributes id="res_IPaddr2_1-meta_attributes"/>
> </primitive>
> </clone>
> </resources>
> <constraints/>
> <op_defaults>
> <meta_attributes id="op-options">
> <nvpair id="op-options-timeout" name="timeout" value="240s"/>
> </meta_attributes>
> </op_defaults>
> <rsc_defaults>
> <meta_attributes id="rsc-options">
> <nvpair id="rsc-options-resource-stickiness" name="resource-stickiness" value="100"/>
> </meta_attributes>
> </rsc_defaults>
> </configuration>
> </cib>
>
>
> Thanks,
> William
> _______________________________________________
> Linux-HA mailing list
> Linux-HA [at] lists
> http://lists.linux-ha.org/mailman/listinfo/linux-ha
> See also: http://linux-ha.org/ReportingProblems
_______________________________________________
Linux-HA mailing list
Linux-HA [at] lists
http://lists.linux-ha.org/mailman/listinfo/linux-ha
See also: http://linux-ha.org/ReportingProblems

dmaziuk at bmrb

Aug 20, 2012, 10:22 PM

Post #11 of 23 (523 views)
Permalink

Re: IP Clone [In reply to]

On 8/20/2012 7:32 PM, Andrew Beekhof wrote:
> On Tue, Aug 21, 2012 at 8:49 AM, Dimitri Maziuk <dmaziuk [at] bmrb> wrote:

>> You are not allowed to run the IP address on two servers at once, full
>> stop. Complain to Rob Kahn and Vint Cerf.
>
> Thats not strictly true.

In the same way it's not strictly true that every phone must have a
unique number: if you don't mind other people getting your important
calls then by all means.

CLUSTERIP which you presumably mean by "fun with iptables" is basically
"Jack gets all calls from even area codes and Jill: from odd area
codes". Yeah, you cold do that, I just can't imagine why.

Because the commonly given rationale for all this is load balancing and
-- well, duh -- there are load balancers for that. They don't require
same ip address on multiple hosts either.

Dima

_______________________________________________
Linux-HA mailing list
Linux-HA [at] lists
http://lists.linux-ha.org/mailman/listinfo/linux-ha
See also: http://linux-ha.org/ReportingProblems

andrew at beekhof

Aug 20, 2012, 11:26 PM

Post #12 of 23 (524 views)
Permalink

Re: IP Clone [In reply to]

On Tue, Aug 21, 2012 at 3:22 PM, Dimitri Maziuk <dmaziuk [at] bmrb> wrote:
> On 8/20/2012 7:32 PM, Andrew Beekhof wrote:
>> On Tue, Aug 21, 2012 at 8:49 AM, Dimitri Maziuk <dmaziuk [at] bmrb> wrote:
>
>>> You are not allowed to run the IP address on two servers at once, full
>>> stop. Complain to Rob Kahn and Vint Cerf.
>>
>> Thats not strictly true.
>
> In the same way it's not strictly true that every phone must have a
> unique number: if you don't mind other people getting your important
> calls then by all means.
>
> CLUSTERIP which you presumably mean by "fun with iptables" is basically
> "Jack gets all calls from even area codes and Jill: from odd area
> codes".

This is a completely broken analogy.
But since you've already decided the whole concept is stupid I'll not
waste time correcting it.

> Yeah, you cold do that, I just can't imagine why.
>
> Because the commonly given rationale for all this is load balancing and
> -- well, duh -- there are load balancers for that. They don't require
> same ip address on multiple hosts either.
>
> Dima
>
> _______________________________________________
> Linux-HA mailing list
> Linux-HA [at] lists
> http://lists.linux-ha.org/mailman/listinfo/linux-ha
> See also: http://linux-ha.org/ReportingProblems
_______________________________________________
Linux-HA mailing list
Linux-HA [at] lists
http://lists.linux-ha.org/mailman/listinfo/linux-ha
See also: http://linux-ha.org/ReportingProblems

lmb at suse

Aug 21, 2012, 12:28 AM

Post #13 of 23 (522 views)
Permalink

Re: IP Clone [In reply to]

On 2012-08-21T00:22:00, Dimitri Maziuk <dmaziuk [at] bmrb> wrote:

> CLUSTERIP which you presumably mean by "fun with iptables" is basically
> "Jack gets all calls from even area codes and Jill: from odd area
> codes". Yeah, you cold do that, I just can't imagine why.
>
> Because the commonly given rationale for all this is load balancing and
> -- well, duh -- there are load balancers for that. They don't require
> same ip address on multiple hosts either.

Some customers want to do this for a simple load balancing solution that
doesn't require additional load balancing hosts. It's not the worst idea
for 2-3 nodes, especially with an asymmetric connection profile (i.e.,
little data in, lots of data out).

I have a preference for active/passive clusters as long as that remains
feasible, since that makes the architecture simpler. But once one goes
beyond that, it's nice to have options.

Regards,
Lars

--
Architect Storage/HA
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imend�rffer, HRB 21284 (AG N�rnberg)
"Experience is the name everyone gives to their mistakes." -- Oscar Wilde

_______________________________________________
Linux-HA mailing list
Linux-HA [at] lists
http://lists.linux-ha.org/mailman/listinfo/linux-ha
See also: http://linux-ha.org/ReportingProblems

dmaziuk at bmrb

Aug 21, 2012, 7:44 AM

Post #14 of 23 (521 views)
Permalink

Re: IP Clone [In reply to]

On 8/21/2012 2:28 AM, Lars Marowsky-Bree wrote:
> On 2012-08-21T00:22:00, Dimitri Maziuk <dmaziuk [at] bmrb> wrote:
>
>> CLUSTERIP
...
> Some customers want to do this for a simple load balancing solution that
> doesn't require additional load balancing hosts. It's not the worst idea
> for 2-3 nodes, especially with an asymmetric connection profile (i.e.,
> little data in, lots of data out).

<shrug/> I fail to see the advantage over, say, RRDNS, or
heartbeat+ldirectord, but that's just me. (@Andrew: it is a fascinating
intellectual excersize, I didn't say it was stupid in itself.)

> I have a preference for active/passive clusters as long as that remains
> feasible, since that makes the architecture simpler. But once one goes
> beyond that, it's nice to have options.

Yeah, sure. Original Poster asked what's the point of an active-active
cluster without the same ip address on all nodes and my answer is still
"tcp/ip doesn't work that way". Pointing him to clusterip, anycast, and
whatever other clever tricks people came up with is IMO the opposite of
helpful.

Dima

_______________________________________________
Linux-HA mailing list
Linux-HA [at] lists
http://lists.linux-ha.org/mailman/listinfo/linux-ha
See also: http://linux-ha.org/ReportingProblems

seligman at nevis

Aug 21, 2012, 9:54 AM

Post #15 of 23 (519 views)
Permalink

Re: IP Clone [In reply to]

On 8/20/12 6:54 PM, Yount, William D wrote:
> No, no complaining. Just glad to get a definitive answer on it. Active/Active made me think something that I guess isn't true. No worries. Honestly, thanks for the reply. Without you, I would have kept trying and trying and trying.
>
>
>
> -----Original Message-----
> From: linux-ha-bounces [at] lists [mailto:linux-ha-bounces [at] lists] On Behalf Of Dimitri Maziuk
> Sent: Monday, August 20, 2012 5:50 PM
> To: linux-ha [at] lists
> Subject: Re: [Linux-HA] IP Clone
>
> On 08/20/2012 05:01 PM, Yount, William D wrote:
>> I am trying to set up an Active/Active cluster. I have an
> Active/Passive cluster up and running.
>
> I don't remember seeing a clear explanation of when, where, and why you'd actually want an active/active cluster. I never needed one myself, so can't really help you there.
>
>> I don't understand how it could be called an Active/Active cluster if
>> you aren't allowed to run the IP address on two servers at once.
>
> You are not allowed to run the IP address on two servers at once, full stop. Complain to Rob Kahn and Vint Cerf.

For what it's worth, I run an Active/Active cluster (probably for all the wrong
reasons). IP cloning works fine for me. Here's my setup:

primitive IP_cluster ocf:heartbeat:IPaddr2 \
params ip="129.236.252.11" cidr_netmask="32" nic="eth0" \
op monitor interval="30s" \
meta resource-stickiness="0"

clone IPClone IP_cluster \
meta globally-unique="true" clone-max="2" clone-node-max="2" \
interleave="false" target-role="Started"

Pretty much the canonical version from "Clusters From Scratch". Here's what I've
noticed:

- I needed iptables running to make this work.

- This gave me a consistent MAC address for the cluster IP address of
129.236.252.11, improving the availability of the connection.

- I didn't see much load balancing after the first time I set it up. Mostly both
clone instances run on a single node of my two-node cluster. For my needs,
that's OK, since for me load-balancing is a much lower priority than availability.
--
Bill Seligman | Phone: (914) 591-2823
Nevis Labs, Columbia Univ | mailto://seligman [at] nevis
PO Box 137 |
Irvington NY 10533 USA | http://www.nevis.columbia.edu/~seligman/

Attachments:

smime.p7s (4.40 KB)

dmaziuk at bmrb

Aug 21, 2012, 10:05 AM

Post #16 of 23 (518 views)
Permalink

Re: IP Clone [In reply to]

On 08/20/2012 06:01 PM, David Lang wrote:

> ANYCAST has severe limitations on what you can do with it, but CLUSTERIP is far
> more flexible and can work in just about any local active/active problem.

Apples have severe limitations on the amount of orange juice you can
squeeze out of them, but oranges are far more juicy.

-- in other words, that is misleading at best.

Anycast is a router hack so it works over *routed* networks. Clusterip
is *link-layer* broadcast so it works on single ethernet segment.

One is for keeping core dns servers operational if the Internet breaks,
the other is for when ldirectord is "too hard".

One is for when multiple servers won't all reply at once because only
one of them is visible to the reachable network, the other has a fixed
rule that decides which server answers which clients.

And so on.

--
Dimitri Maziuk
Programmer/sysadmin
BioMagResBank, UW-Madison -- http://www.bmrb.wisc.edu

Attachments:

signature.asc (0.25 KB)

Yount.William at menloworldwide

Aug 21, 2012, 10:07 AM

Post #17 of 23 (519 views)
Permalink

Re: IP Clone [In reply to]

Ah, iptables is the missing ingredient. I really appreciate the heads-up.

-----Original Message-----
From: linux-ha-bounces [at] lists [mailto:linux-ha-bounces [at] lists] On Behalf Of William Seligman
Sent: Tuesday, August 21, 2012 11:55 AM
To: General Linux-HA mailing list
Subject: Re: [Linux-HA] IP Clone

On 8/20/12 6:54 PM, Yount, William D wrote:
> No, no complaining. Just glad to get a definitive answer on it. Active/Active made me think something that I guess isn't true. No worries. Honestly, thanks for the reply. Without you, I would have kept trying and trying and trying.
>
>
>
> -----Original Message-----
> From: linux-ha-bounces [at] lists
> [mailto:linux-ha-bounces [at] lists] On Behalf Of Dimitri
> Maziuk
> Sent: Monday, August 20, 2012 5:50 PM
> To: linux-ha [at] lists
> Subject: Re: [Linux-HA] IP Clone
>
> On 08/20/2012 05:01 PM, Yount, William D wrote:
>> I am trying to set up an Active/Active cluster. I have an
> Active/Passive cluster up and running.
>
> I don't remember seeing a clear explanation of when, where, and why you'd actually want an active/active cluster. I never needed one myself, so can't really help you there.
>
>> I don't understand how it could be called an Active/Active cluster if
>> you aren't allowed to run the IP address on two servers at once.
>
> You are not allowed to run the IP address on two servers at once, full stop. Complain to Rob Kahn and Vint Cerf.

For what it's worth, I run an Active/Active cluster (probably for all the wrong reasons). IP cloning works fine for me. Here's my setup:

primitive IP_cluster ocf:heartbeat:IPaddr2 \
params ip="129.236.252.11" cidr_netmask="32" nic="eth0" \
op monitor interval="30s" \
meta resource-stickiness="0"

clone IPClone IP_cluster \
meta globally-unique="true" clone-max="2" clone-node-max="2" \
interleave="false" target-role="Started"

Pretty much the canonical version from "Clusters From Scratch". Here's what I've
noticed:

- I needed iptables running to make this work.

- This gave me a consistent MAC address for the cluster IP address of 129.236.252.11, improving the availability of the connection.

- I didn't see much load balancing after the first time I set it up. Mostly both clone instances run on a single node of my two-node cluster. For my needs, that's OK, since for me load-balancing is a much lower priority than availability.
--
Bill Seligman | Phone: (914) 591-2823
Nevis Labs, Columbia Univ | mailto://seligman [at] nevis
PO Box 137 |
Irvington NY 10533 USA | http://www.nevis.columbia.edu/~seligman/

_______________________________________________
Linux-HA mailing list
Linux-HA [at] lists
http://lists.linux-ha.org/mailman/listinfo/linux-ha
See also: http://linux-ha.org/ReportingProblems

dmaziuk at bmrb

Aug 21, 2012, 10:28 AM

Post #18 of 23 (533 views)
Permalink

Re: IP Clone [In reply to]

On 08/21/2012 12:07 PM, Yount, William D wrote:
> Ah, iptables is the missing ingredient. I really appreciate the heads-up.

Heh. Just goes to prove you need to already know 70% of the answer in
order to ask the right question. Yes, to make clusterip aka ip clone
work you do need iptables.

> -----Original Message-----
> From: linux-ha-bounces [at] lists [mailto:linux-ha-bounces [at] lists] On Behalf Of William Seligman
> Sent: Tuesday, August 21, 2012 11:55 AM
> To: General Linux-HA mailing list
> Subject: Re: [Linux-HA] IP Clone
...
> - I didn't see much load balancing after the first time I set it up.
> Mostly both clone instances run on a single node of my two-node
> cluster. For my needs, that's OK, since for me load-balancing is a
> much lower priority than availability.

Playing with hashmode parameter might change that, but yes, that is how
clusterip works: you won't see much load balancing.

--
Dimitri Maziuk
Programmer/sysadmin
BioMagResBank, UW-Madison -- http://www.bmrb.wisc.edu

Attachments:

signature.asc (0.25 KB)

David_Lang at Intuit

Aug 21, 2012, 1:16 PM

Post #19 of 23 (515 views)
Permalink

Re: IP Clone [In reply to]

On Tue, 21 Aug 2012, Dimitri Maziuk wrote:

> On 8/21/2012 2:28 AM, Lars Marowsky-Bree wrote:
>> On 2012-08-21T00:22:00, Dimitri Maziuk <dmaziuk [at] bmrb> wrote:
>>
>>> CLUSTERIP
> ...
>> Some customers want to do this for a simple load balancing solution that
>> doesn't require additional load balancing hosts. It's not the worst idea
>> for 2-3 nodes, especially with an asymmetric connection profile (i.e.,
>> little data in, lots of data out).
>
> <shrug/> I fail to see the advantage over, say, RRDNS, or
> heartbeat+ldirectord, but that's just me. (@Andrew: it is a fascinating
> intellectual excersize, I didn't say it was stupid in itself.)

fewer pieces than either RRDNS or ldirectord.

with RRDNS, changes to the size of the cluster (taking a system out for
maintinance) can't easily be done. you have to do secondary things like moving
the IP addresses to other systems. With CLUSTERIP you just reconfigure the
systems and the load is now distributed differently.

with ldirectord you have an extra network hop, and you have all your traffic
going through one system. This is a scalability bottleneck as well as bing a
separate system to configure.

CLUSTERIP isn't the solution to every problem, but it works really well for many
problems.

>> I have a preference for active/passive clusters as long as that remains
>> feasible, since that makes the architecture simpler. But once one goes
>> beyond that, it's nice to have options.
>
> Yeah, sure. Original Poster asked what's the point of an active-active
> cluster without the same ip address on all nodes and my answer is still
> "tcp/ip doesn't work that way". Pointing him to clusterip, anycast, and
> whatever other clever tricks people came up with is IMO the opposite of
> helpful.

I strongly favor sticking with active/passive clusters as well, but when you get
to the point where you need more than a single box working on the problem, you
need to consider the various options, and CLUSTERIP is a very strong contender.
It's especially good as a simple migration from active/passive. You just add a
third box to the cluster and change the configuration so that instead of your
VIP moving from one box to another, it's instead shared between the systems.
This is a much smaller step than setting up an external load balancer system.

David Lang
_______________________________________________
Linux-HA mailing list
Linux-HA [at] lists
http://lists.linux-ha.org/mailman/listinfo/linux-ha
See also: http://linux-ha.org/ReportingProblems

lmb at suse

Aug 21, 2012, 1:20 PM

Post #20 of 23 (522 views)
Permalink

Re: IP Clone [In reply to]

On 2012-08-21T13:16:29, David Lang <David_Lang [at] Intuit> wrote:

> with ldirectord you have an extra network hop, and you have all your
> traffic going through one system. This is a scalability bottleneck as
> well as bing a separate system to configure.
>
> CLUSTERIP isn't the solution to every problem, but it works really
> well for many problems.

To complete the list of issues though is that with clusterip, every
participating node sees all inbound traffic, and discards everything but
its own (CPU load).

There's always a trade-off with everything.

> It's especially good as a simple migration from active/passive. You
> just add a third box to the cluster and change the configuration so
> that instead of your VIP moving from one box to another, it's instead
> shared between the systems. This is a much smaller step than setting
> up an external load balancer system.

I'm not quite sure what you need the 3rd box for? Of course, an odd
number of nodes is always a good idea, but not required by clusterip.

Regards,
Lars

--
Architect Storage/HA
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imend�rffer, HRB 21284 (AG N�rnberg)
"Experience is the name everyone gives to their mistakes." -- Oscar Wilde

_______________________________________________
Linux-HA mailing list
Linux-HA [at] lists
http://lists.linux-ha.org/mailman/listinfo/linux-ha
See also: http://linux-ha.org/ReportingProblems

David_Lang at Intuit

Aug 21, 2012, 1:26 PM

Post #21 of 23 (515 views)
Permalink

Re: IP Clone [In reply to]

On Tue, 21 Aug 2012, Lars Marowsky-Bree wrote:

> On 2012-08-21T13:16:29, David Lang <David_Lang [at] Intuit> wrote:
>
>> with ldirectord you have an extra network hop, and you have all your
>> traffic going through one system. This is a scalability bottleneck as
>> well as bing a separate system to configure.
>>
>> CLUSTERIP isn't the solution to every problem, but it works really
>> well for many problems.
>
> To complete the list of issues though is that with clusterip, every
> participating node sees all inbound traffic, and discards everything but
> its own (CPU load).
>
> There's always a trade-off with everything.

agreed.

CLUSTERIP also has an additional utility that if you use it with a one-way
protocol (for example UDP syslog), you can have multiple sets of systems using
the same IP address. This can make it so that the sender only needs to send one
copy of the data instead of the sender needing to send one copy to each set of
recievers. I've got a case where this actually avoids network bottlenecks on the
sending side.

>> It's especially good as a simple migration from active/passive. You
>> just add a third box to the cluster and change the configuration so
>> that instead of your VIP moving from one box to another, it's instead
>> shared between the systems. This is a much smaller step than setting
>> up an external load balancer system.
>
> I'm not quite sure what you need the 3rd box for? Of course, an odd
> number of nodes is always a good idea, but not required by clusterip.

if you need two boxes to handle the load, you should configure your cluster with
at least three boxes so that if one box fails you can still handle the load with
the remaining systems.

David Lang
_______________________________________________
Linux-HA mailing list
Linux-HA [at] lists
http://lists.linux-ha.org/mailman/listinfo/linux-ha
See also: http://linux-ha.org/ReportingProblems

David_Lang at intuit

Aug 21, 2012, 1:28 PM

Post #22 of 23 (519 views)
Permalink

Re: IP Clone [In reply to]

Remember that I was responding to the statement that it was impossible to have an IP address on two machines. ANYCAST is a way to do so. It's not the appropriate solution for most problems, but there are some cases where it works extremely well. I was in no way trying to say that ANYCAST and CLUSTERIP can be used for the same problems. They usually cannot.

An example of this that I heard of a few years ago is that Google uses ANYCAST on their corporate network. They have a HA pair of systems in each building that listen on a set of addresses that have been designated internally to be ANYCAST addresses and redirect all traffic directed at those addresses to a local set of servers. This allows Google to advertise a single set of IP addresses for common services and have those services be handled local to the user. You could try to do this by having many different DNS zones and serving the 'right' zone to the requester depending what their IP address is, but given that many clients will cache DNS lookups and you may move around fast enough (especially on a large campus) for this to be a problem, the ANYCAST solution is a very good fit.

David Lang

________________________________________
From: linux-ha-bounces [at] lists [linux-ha-bounces [at] lists] on behalf of Dimitri Maziuk [dmaziuk [at] bmrb]
Sent: Tuesday, August 21, 2012 10:05 AM
To: linux-ha [at] lists
Subject: Re: [Linux-HA] IP Clone

On 08/20/2012 06:01 PM, David Lang wrote:

> ANYCAST has severe limitations on what you can do with it, but CLUSTERIP is far
> more flexible and can work in just about any local active/active problem.

Apples have severe limitations on the amount of orange juice you can
squeeze out of them, but oranges are far more juicy.

-- in other words, that is misleading at best.

Anycast is a router hack so it works over *routed* networks. Clusterip
is *link-layer* broadcast so it works on single ethernet segment.

One is for keeping core dns servers operational if the Internet breaks,
the other is for when ldirectord is "too hard".

One is for when multiple servers won't all reply at once because only
one of them is visible to the reachable network, the other has a fixed
rule that decides which server answers which clients.

And so on.

--
Dimitri Maziuk
Programmer/sysadmin
BioMagResBank, UW-Madison -- http://www.bmrb.wisc.edu

_______________________________________________
Linux-HA mailing list
Linux-HA [at] lists
http://lists.linux-ha.org/mailman/listinfo/linux-ha
See also: http://linux-ha.org/ReportingProblems

dmaziuk at bmrb

Aug 21, 2012, 3:30 PM

Post #23 of 23 (516 views)
Permalink

Re: IP Clone [In reply to]

On 08/21/2012 03:28 PM, Lang, David wrote:
> Remember that I was responding to the statement that it was
> impossible to have an IP address on two machines.

Right. For those without a networking/sysprog major out there:

it's certainly possible, no-one can stop you. Under normal circumstances
arp will map one ip to one mac address, so the other mac address won't
get any traffic. Until you update all arp caches, at which point the
first mac address stops getting traffic. The fun starts when they don't
update all at once -- they normally don't.

For that reason ifconfigs and dhcpds (or dhclients) will often ping the
ip first and barf if it answers.

Now mac addresses exist on the same ethernet segment (vlan). So the two
ways around this are

a) multicast mac addresses are easy because ethernet is a broadcast
medium to begin with & every hosts sees every packet. All you have to do
is put the nic in promiscuous mode and grab the packets with that
"special" mac address on them.

b) take arp out of the equation altogether and work at ip level -- that
means routing. Once you route the same packet to multiple subnets,
within each subnet your "special" ip maps to only one mac address & arp
is happy.

... I was in no way trying to say that ANYCAST and CLUSTERIP can be used
for the same problems. They usually cannot.

I think faster than I type so I often enough end up typing a sentence
that starts with apples and ends with oranges myself. I know you meant
that anycast won't work for an active-active failover cluster, not that
clusterip will work over routed subnets. It just didn't sound quite that
way.

Here's a free PhD title if anyone needs one: a multiply-resilient
geografically distributed cloud by anycast'ing to a clusters of clusterip's.

--
Dimitri Maziuk
Programmer/sysadmin
BioMagResBank, UW-Madison -- http://www.bmrb.wisc.edu

Attachments:

signature.asc (0.25 KB)

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads