[ale] failover planning
Bob Toxen
bob at verysecurelinux.com
Wed Dec 1 03:34:00 EST 2004
On Tue, Nov 30, 2004 at 08:51:59AM -0500, Christopher Fowler wrote:
> Not fixed on 2.4.24
> I configured the 2nd interface on one of our devices running 2.4.24 as
> 192.168.2.121 and there is no CAT-5 connected.
> [cfowler at cfowler cfowler]$ ping 192.168.2.121
> PING 192.168.2.121 (192.168.2.121) 56(84) bytes of data.
> 64 bytes from 192.168.2.121: icmp_seq=1 ttl=64 time=0.405 ms
> 64 bytes from 192.168.2.121: icmp_seq=2 ttl=64 time=0.163 ms
> 64 bytes from 192.168.2.121: icmp_seq=3 ttl=64 time=0.167 ms

Try sniffing the traffic with ethereal or tcpdump, though you make a
good case.

> I guess eth0 on 192.168.2.120 is responding for 192.168.2.121
> On Mon, 2004-11-29 at 22:33, Stephan Uphoff wrote:
> > On Mon, 2004-11-29 at 21:21, Bob Toxen wrote:
> > > On Mon, Nov 29, 2004 at 08:56:03PM -0500, Stephan Uphoff wrote:
> > > > On Mon, 2004-11-29 at 20:34, Christopher Fowler wrote:
> > > > > I've tried this before with simple configuration of two nics simply
> > > > > using ifconfig. But I was never convinced that packets destined for 2.5
> > > > > > were not scooped up by the first nic on 2.4
> > >
> > > > When I transitioned from cable to dsl I had such a setup.
> > > > The problem was that BOTH nics would reply to broadcasted ARP requests
> > > > for either of the IPs with their own Ethernet address.
> > > > This caused packets to arrive at the wrong interface where they were
> > > > blocked by a firewall. (This was an old hacked up 2.2.16? kernel)
> > > This is incorrect behavior. This should not even have happened on a
> > > correctly built 2.2.16 system.
> >
> > I agree - this should not have happened.
> > Hopefully someone fixed this by now.
> > But since I personally had hacked up the kernel I am sure that it was
> > correctly built and this is a generic 2.2.16? problem.
> >
> >
> > >
> > > Bob
> > >
> > >
> > > > > On Mon, 2004-11-29 at 20:27, Bob Toxen wrote:
> > > > > > On Mon, Nov 29, 2004 at 07:49:43PM -0500, Christopher Fowler wrote:
> > > > > > > Speaking of failover is it possible to install 2 NICS in Linux and put
> > > > > > > them on the same subnet. I.E. eth0 = 192.168.1.4 and eth1 = 192.168.1.5
> > > > > > > then place those NICS under load balancing. In this case both will have
> > > > > > > the same DNS and same gateway. All load balancing setups I've seen load
> > > > > > > balance between multiple Internet connections.
> > > > > > Sure. No problem. Of course, this is needed only if your total bandwidth
> > > > > > requirements exceed that of a single NIC (either 100 Mbps duplex or 1 Gbps).
> > >
> > > > > > Bob Toxen
> > > > > > bob at verysecurelinux.com [Please use for email to me]
> > > > > > http://www.verysecurelinux.com [Network&Linux/Unix security consulting]
> > > > > > http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
> > > > > > Quality Linux & UNIX security and SysAdmin & software consulting since 1990.
> > >
> > > > > > "Microsoft: Unsafe at any clock speed!"
> > > > > > -- Bob Toxen 10/03/2002
> > >
> > >
> > > > > > > On Mon, 2004-11-29 at 19:40, Greg Freemyer wrote:
> > > > > > > > On Mon, 29 Nov 2004 09:51:34 -0500, James P. Kinney III
> > > > > > > > <jkinney at localnetsolutions.com> wrote:
> > > > > > > > > I am looking at setting up a small non-local redundant webserver. The
> > > > > > > > > net access for each node is through different ISP's so each node has
> > > > > > > > > different IP's. In fact, there is nothing in common between the two
> > > > > > > > > different networks. They have no common router.
> > >
> > > > > > > > > > The main site is served by a T1 line that is susceptible to an outage
> > > > > > > > > caused by falling trees. I would like to make the outage as short as
> > > > > > > > > possible by making the backup site live as fast as possible. Right now,
> > > > > > > > > other than editing the DNS listing and waiting for the change to
> > > > > > > > > > propagate, I have no other way to do this.
> > >
> > > > > > > > > Any suggestions?
> > > > > > > > > --
> > > > > > > > > James P. Kinney III \Changing the mobile computing world/
> > >
> > > > > > > > If nothing else, you could try round-robin DNS.
> > >
> > > > > > > > > That way roughly half of your dns queries will go to each IP.
> > >
> > > > > > > > Then set your client TTL low so your users are requesting a new DNS
> > > > > > > > entry fairly often.
> > >
> > > > > > > > If one of your sites fails, there is a 50% chance your users will go
> > > > > > > > to the other site with their next DNS request. (ie. if you have M$
> > > > > > > > users, they do a dns request at least once per reboot.)
> > >
> > > > > > > > Greg
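
One way to act on the "sniff it with tcpdump" suggestion above, as an added example that is not part of the original thread: parse ARP replies from a capture and flag the two behaviours the posters describe (one MAC answering for both addresses, or two MACs answering for one address). It assumes the line format printed by current `tcpdump -e -n arp`; the MAC addresses and the 192.168.2.1 requester are constructed, and only the .120/.121 addresses come from the thread.

```python
import re
from collections import defaultdict

# Constructed sample in `tcpdump -e -n arp` format (not captured from the
# thread's hosts). The same MAC answers for .120 and for the unplugged .121.
SAMPLE = """\
08:52:01.000100 00:10:5a:00:00:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.2.120 tell 192.168.2.1, length 28
08:52:01.000300 00:e0:4c:00:00:a0 > 00:10:5a:00:00:01, ethertype ARP (0x0806), length 60: Reply 192.168.2.120 is-at 00:e0:4c:00:00:a0, length 46
08:52:02.000100 00:10:5a:00:00:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.2.121 tell 192.168.2.1, length 28
08:52:02.000300 00:e0:4c:00:00:a0 > 00:10:5a:00:00:01, ethertype ARP (0x0806), length 60: Reply 192.168.2.121 is-at 00:e0:4c:00:00:a0, length 46
"""

REPLY = re.compile(
    r"Reply (\d{1,3}(?:\.\d{1,3}){3}) is-at ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)

def arp_claims(capture_text):
    """Return (ip -> set of MACs, mac -> set of IPs) seen in ARP replies."""
    by_ip, by_mac = defaultdict(set), defaultdict(set)
    for line in capture_text.splitlines():
        m = REPLY.search(line)
        if m:
            ip, mac = m.group(1), m.group(2).lower()
            by_ip[ip].add(mac)
            by_mac[mac].add(ip)
    return by_ip, by_mac

def findings(capture_text):
    """List (kind, subject, details) tuples worth a closer look."""
    by_ip, by_mac = arp_claims(capture_text)
    out = []
    # Two NICs both replying for one address (the 2.2.16 report in the thread).
    for ip, macs in sorted(by_ip.items()):
        if len(macs) > 1:
            out.append(("ip-answered-by-multiple-macs", ip, sorted(macs)))
    # One NIC replying for another interface's address (the 2.4.24 report).
    # IP aliases and proxy ARP also look like this, so treat it as a lead.
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            out.append(("mac-answers-for-multiple-ips", mac, sorted(ips)))
    return out

if __name__ == "__main__":
    for finding in findings(SAMPLE):
        print(finding)
```

Run the capture from a second machine on the same segment, since the host under test will not show its own ARP replies being chosen between.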