Operating System - Linux
1748250 Members
3518 Online
108760 Solutions
New Discussion

Re: 2 nic cards on different subnet

 
chindi
Respected Contributor

2 nic cards on different subnet

Team,

We have 2 node RHEL cluster. 6.7  App and DB in 2 different subnet. 

Node 1

====

App 10.1.11.7  Physical 

DB 10.1.12.9 Physical

 

Node 2

===

App 10.1.11.9 Physical

DB 10.1.12.7 Physical

We have a VIP configured 10.1.11.8 

When app is down , the filesystem alongwith ip moves to failover node. 

Route -n from both nodes given below :

From 10.1.11.7

route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.1.12.0 0.0.0.0 255.255.255.128 U 0 0 0 em4
10.1.11.0 0.0.0.0 255.255.255.128 U 0 0 0 em3
169.254.0.0 0.0.0.0 255.255.0.0 U 1008 0 0 em3
169.254.0.0 0.0.0.0 255.255.0.0 U 1009 0 0 em4
0.0.0.0 10.1.11.1 0.0.0.0 UG 0 0 0 em3

ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: p2p1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether a0:36:9f:83:f0:c4 brd ff:ff:ff:ff:ff:ff
3: p2p2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether a0:36:9f:83:f0:c6 brd ff:ff:ff:ff:ff:ff
4: p3p1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether a0:36:9f:7c:54:e8 brd ff:ff:ff:ff:ff:ff
5: p3p2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether a0:36:9f:7c:54:ea brd ff:ff:ff:ff:ff:ff
6: em1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 14:18:77:6a:35:07 brd ff:ff:ff:ff:ff:ff
7: em2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 14:18:77:6a:35:08 brd ff:ff:ff:ff:ff:ff
8: em3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 14:18:77:6a:35:09 brd ff:ff:ff:ff:ff:ff
inet 10.1.11.7/25 brd 10.1.11.127 scope global em3
inet 10.1.11.8/25 scope global secondary em3
inet6 fe80::1618:77ff:fe6a:3509/64 scope link
valid_lft forever preferred_lft forever
9: em4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 14:18:77:6a:35:0a brd ff:ff:ff:ff:ff:ff
inet 10.1.12.9/25 brd 10.1.12.127 scope global em4
inet6 fe80::1618:77ff:fe6a:350a/64 scope link
valid_lft forever preferred_lft forever

 

From 10.1.12.7

route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.1.12.0 0.0.0.0 255.255.255.128 U 0 0 0 em1
10.1.11.0 0.0.0.0 255.255.255.128 U 0 0 0 em2
169.254.0.0 0.0.0.0 255.255.0.0 U 1006 0 0 em1
169.254.0.0 0.0.0.0 255.255.0.0 U 1007 0 0 em2
0.0.0.0 10.1.12.1 0.0.0.0 UG 0 0 0 em1

ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: p2p1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether a0:36:9f:84:04:b0 brd ff:ff:ff:ff:ff:ff
3: p2p2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether a0:36:9f:84:04:b2 brd ff:ff:ff:ff:ff:ff
4: p3p1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether a0:36:9f:7c:58:8c brd ff:ff:ff:ff:ff:ff
5: p3p2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether a0:36:9f:7c:58:8e brd ff:ff:ff:ff:ff:ff
6: em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 14:18:77:66:c8:ac brd ff:ff:ff:ff:ff:ff
inet 10.1.12.7/25 brd 10.1.12.127 scope global em1
inet 10.1.12.8/25 scope global secondary em1
inet6 fe80::1618:77ff:fe66:c8ac/64 scope link
valid_lft forever preferred_lft forever
7: em2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 14:18:77:66:c8:ad brd ff:ff:ff:ff:ff:ff

We need traffic coming out of 10.1.12.7 to be from 10.1.11.9 Physical IP , but as of now its coming from 10.1.12.7 which we cannot open at Firewall due to compliance issues.

Suggest a solution for the same.
inet 10.1.11.9/25 brd 10.1.11.127 scope global em2
inet6 fe80::1618:77ff:fe66:c8ad/64 scope link
valid_lft forever preferred_lft forever
8: em3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 14:18:77:66:c8:ae brd ff:ff:ff:ff:ff:ff
9: em4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 14:18:77:66:c8:af brd ff:ff:ff:ff:ff:ff

 

1 REPLY 1
Johan Guldmyr
Honored Contributor

Re: 2 nic cards on different subnet

Interesting issue!

Did you work this one out? I suppose iptables and NAT rules could be used to accomplish this. But maybe also by assigning the virtual IP to a subinterface (like em3:1) and not directly to em3?