- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Source Ip Selection
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-15-2011 05:56 AM
тАО06-15-2011 05:56 AM
Source Ip Selection
We have detected some network problems in one server (HP-UX 11.31). This problem was due a physical link failure.
Now everything is working fine, but we have detected that the server is sending packets with a secondary IP (One of the ServiceGuard Packages Ip - 172.17.2.30).
Name Network Address errs
lo0 127.0.0.0 127.0.0.1 0
lan900 172.17.2.0 172.17.2.166 2
lan900:1 172.17.2.0 172.17.2.30 0
lan900:2 172.17.2.0 172.17.2.16 0
Destination Gateway Interface
172.17.2.30 172.17.2.30 lan900:1
172.17.2.16 172.17.2.16 lan900:2
127.0.0.1 127.0.0.1 lo0
10.0.0.10 10.0.0.10 lan21
172.17.2.166 172.17.2.166 lan900
255.255.255.0 172.17.2.166 lan900
10.0.0.0 10.0.0.10 lan21
127.0.0.0 127.0.0.1 lo0
default 172.17.2.111 lan900
I don't know how the source selection is done, but we have to force it to the main Ip address lan900 (172.16.14.166).
Do you know how to solve this problem with the less impact in the users?
Thank you!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-15-2011 06:26 AM
тАО06-15-2011 06:26 AM
Re: Source Ip Selection
in fact as soon as the addressed are in the same subnet, there is no way to be sure which local address will be taken except that the applications bind explicitely to that address.
There is an other heavy way; use ipfilter to nat all the other addresses to the one expected.
but again, the only real way is that the application bind explicitely to the desired local address.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-15-2011 08:29 AM
тАО06-15-2011 08:29 AM
Re: Source Ip Selection
Don't you know what criterion uses hpux for choosing the source Ip?
I mean that it should be always the same, something like: first of the if list, first of the routes.
Thank you!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-15-2011 09:17 AM
тАО06-15-2011 09:17 AM
Re: Source Ip Selection
>choosing the source Ip?
yes I know them.
>I mean that it should be always the same,
>something like: first of the if list, first
>of the routes.
In fact it is none deterministic because external traffic may have an influence.
Most often, it is the first local in the same subnet as the gateway or the target in the ire hash table which is taken, but, if for instance
an inbound tcp packet come from a destination B to a local IP A , there will be an ire created from A to B so next packet sent to B will use address A, even if it is not the first one in the ire table.
- it is an example, some other cases exist too.
So you can't rely on that.
The only way currently to be able to choose a local address is to bind explicitely.
There is an other one, but may be more difficult to put in place as it needs more configuration:
using SRPv3, you can define a workload containment in which you put your applications, then the address assigned to that containment will be the one used by the application.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-15-2011 09:48 AM
тАО06-15-2011 09:48 AM
Re: Source Ip Selection
That was the kind of answer that I was looking for :)
About these tables, is there any way to clear it? We have never had this problem before and we think that is related with some physical network problems.
So just for solving our current problems we would like to know if it is possible to reset this assignments.
Thank you!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-15-2011 11:34 AM
тАО06-15-2011 11:34 AM
Re: Source Ip Selection
the only way is to lower ip_ire_flush_interval and ip_ire_cleanup_interval to their minimum
- be sure that cleanup
- if any connection stay between the 2 side when the flush arrives, the ire will be recreated.
you can try also to create a little program which create a socket, bind to the address you want to use, and connect to the target on a opened port. it will create the valid ire, then it will depend on its position in the ire hash.
Then if it is not enough, you need to be sure there is no pending connection from the bad local to the destination.
you may also try to change the local ip to flush the ires from it ( if no application connected through that address).- did not try but may work-
But all this are tweaks without any guaranty of working nor side effects.
The only really supported way is to have application binding on the desired address.