[Pacemaker] ipaddr2 & clusterip doubts.
Brett Delle Grazie
brett.dellegrazie at gmail.com
Thu Feb 17 15:16:17 UTC 2011
Hi,
On 17 February 2011 13:47, Carlos G Mendioroz <tron at huapi.ba.ar> wrote:
> Brett Delle Grazie @ 17/02/2011 10:24 -0300 dixit:
>>
>> Hi,
>>
>> On 17 February 2011 12:58, Carlos G Mendioroz <tron at huapi.ba.ar> wrote:
>>>
>>> Hi,
>>> I've found that ipaddr2 can use clusterip when running as clone.
>>> (please correct me if I use some word in a not correct way,
>>> denoting I fail to get some concept)
>>>
>>> But my understanding is that clusterip might be beneficial also
>>> in the active/standby case because of its use of a single mac
>>> address.
>>
>> Not really - its simpler (networking wise) and safer to use floating
>> IP addresses for standard HA. Otherwise all traffic is being
>> duplicated to both nodes which ties up bandwidth unnecessarily -
>> that's the major
>> downside to ClusterIP.
>
> I guess it's a design issue, so it depends.
> I've seen the bandwidth argument, but this applies only to, in my case,
> to requests going to a server. BW is very low in this direction.
> I'm trying to get a fast failover (subsecond). I don't like gratuitous ARP
> that much.
Okay.
>
>>
>> Indeed it could be argued that with multiple floating IPs used with
>> DNS round-robin,
>> ClusterIP becomes almost unnecessary.
>
> DNS is out of the question. A node already talking to the cluster knows
> the cluster IP already.
> The problem with floating IP, as commented, is ARP caching.
Okay, but here I'm out of my depth. You're better off asking a network
expert either about
how to minimise ARP caching or of possible network based alternatives.
>
>> FYI ClusterIP target in iptables has been deprecated, the successor is
>> cluster-match
>> but I don't think there is a resource agent which uses it yet.
>
> Noted, thanks. I don't mind upgrading/changing/making an RA if needed.
>
>>> I would create the active with 1 node and the standby alike,
>>> but "demote" the standby by forcing it not to answer.
>>
>> Why? - you lose functionality here such as the system _automatically_
>> correcting
>> for failure - which is, I assume, why you want to use Pacemaker.
>
> How come I loose anything ? When I say "I would demote...", I mean
> "I would make the RA demote..."
I thought you meant manually demote.
>
>>> Questions:
>>> -any obvious issue here ?
>>> -I see some posts with CLUSTERIP and ARP related issues,
>>> but I fail to understand a case where this happens.
>>> If someone has a failure case I would appreciate it.
>>
>> Our failure cases:
>> (1) It didn't work at all - resolved by (a)
>> (2) It didn't work under failure conditions (pulling the network cable
>> and/or power on one node) - we got lost connections, no response etc.
>> resolved by (b)
>>
>> Our solutions were:
>> (a) Enable multicast mac addresses on the switch/firewall (otherwise
>> it doesn't work at all) and
>> (b) adding a static ARP entry for the IP to cluster mac address in the
>> switch/firewall.
>
> 1) I understand sort of, it's switch dependent, not really a CLUSTERIP
> issue. (i.e. you need mcast to work)
> 2) This is what I'm after as a failure case.
> Will test it, it should work (but again, the configuration I'm thinking of
> is not the one used by current ipaddr2 RA).
>
> Thanks for your comments!
No problem, hope they save you some time.
uCarp might be worth examining as well.
>
> --
> Carlos G Mendioroz <tron at huapi.ba.ar> LW7 EQI Argentina
>
> ______________________________________________________________________
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email
> ______________________________________________________________________
>
--
Best Regards,
Brett Delle Grazie
More information about the Pacemaker
mailing list