HPE Community
Operating System - HP-UX
1753768 Members
5102 Online
108799 Solutions
New Discussion юеВ

Re: which the source address in case of SG?

 
SOLVED
Go to solution
Enrico Venturi
Super Advisor

тАО11-13-2005 09:10 PM

тАО11-13-2005 09:10 PM

which the source address in case of SG?

Hello colleagues,
we were using Serviceguard.
Each cluster node can be identified through the physical IP and the virtual IP, the last one only when there's a package running there.
My question is: the applications running on the node which IP do they use to present themselves to the outside?
In other words, if a remote node receives an IP connection request from a local application (telnet, rlogin, rcp, .... ) which is the source IP? Is it always the physical address or it can randomly be the virtual one?

thanks
Enrico
0 Kudos
Reply
12 REPLIES 12
Devender Khatana
Honored Contributor

тАО11-13-2005 09:18 PM

тАО11-13-2005 09:18 PM

Re: which the source address in case of SG?

Hi,

Applications always should bind to the virtual IP of the package which is also called the floating IP, as it is accessible through the node where that particular package is currently running. You should also use the same for telnet, rlogin etc. also but you shall not ignore the status of package ( Which nodes hosts the package) while doing so.

FYI
Physical address allthough can be more than one to each server, floating IP also will be different for each package. i.e. 10 package running will have 10 seperate IPs.

HTH,
Devender

HTH,
Devender
Impossible itself mentions "I m possible"
0 Kudos
Reply
Enrico Venturi
Super Advisor

тАО11-13-2005 09:27 PM

тАО11-13-2005 09:27 PM

Re: which the source address in case of SG?

I didn't ask which IP to use from external nodes to access cluster nodes / packages, this is well known.

I asked to know which is the source IP when an application inside a cluster node accesses the external servers.
This is needed in case of firewalls:
if a want to allow the applications running in a cluster node (telnet, rlogin, rcp, ...) I need to enable their source IP. Am I sure that the source IP doesn't change when there's a MC/SG package running there?
0 Kudos
Reply
melvyn burnard
Honored Contributor

тАО11-13-2005 09:46 PM

тАО11-13-2005 09:46 PM

Re: which the source address in case of SG?

A package running in a Serviceguard configuration will show the stationary ip address of the node it is running on as it's source address.
If you need to have the package respond with the relocatable or floating adress, you need to compile the application so that it binds to the floating address.
See page 377 in Appendix C of http://docs.hp.com/en/B3936-90079/B3936-90079.pdf for more details
My house is the bank's, my money the wife's, But my opinions belong to me, not HP!
0 Kudos
Reply
Enrico Venturi
Super Advisor

тАО11-13-2005 10:24 PM

тАО11-13-2005 10:24 PM

Re: which the source address in case of SG?

I cannot explain myself,
maybe the attached doc. will help you in understanding what I mean
0 Kudos
Reply
melvyn burnard
Honored Contributor

тАО11-13-2005 10:37 PM

тАО11-13-2005 10:37 PM

Re: which the source address in case of SG?

So are you asking the following:
If an application is started OUTSIDE of SG (i.e. no relocatable ip address involved) what ip address will the application supply as it's source? It will be the stationary ip address of the primary network on the host it is running on.
My house is the bank's, my money the wife's, But my opinions belong to me, not HP!
0 Kudos
Reply
Enrico Venturi
Super Advisor

тАО11-13-2005 11:21 PM

тАО11-13-2005 11:21 PM

Re: which the source address in case of SG?

yes, and moreover:
when a package is running on the node and the package IP is set to the LAN 0, does the IP exposed by the applications change (maybe randomly) or not?
0 Kudos
Reply
Dietmar Konermann
Honored Contributor

тАО11-14-2005 12:44 AM

тАО11-14-2005 12:44 AM

Solution

Re: which the source address in case of SG?

Venturi,

no random behaviour is involved here. It's all about routing.

If an application binds to a specific IP address, then the kernel routes outgoing traffic via the corresponding interface. If it is an relocatable IP, then this will be used as source IP address.

If an applikation binds to INADDR_ANY (non-clusteraware applications usually do that), then the kernel's current routing table determines what interface to use, i.e. what source IP address to use.

Melvyn is right... this is usually the stationary address, since it has usually the topmost (network) entry in the routing table.

Here's a small example:

Machine nero has stationary IP 15.140.11.19 and a relocatable one 15.140.8.63:

15.140.11.19[nero]:/ # netstat -in
IPv4:
Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll
lan0 1500 15.140.8.0 15.140.11.19 79587867 0 73777210 0 0
lan0:1 1500 15.140.8.0 15.140.8.63 12278061 0 11839431 0 0


Routing to network 15.140.8.0 goes through the stationary IP:

15.140.11.19[nero]:/ # netstat -rn
IPv4 Routing tables:
Destination Gateway Flags Refs Interface Pmtu
15.140.11.19 15.140.11.19 UH 0 lan0 4136
15.140.8.63 15.140.8.63 UH 0 lan0:1 4136
15.140.8.0 15.140.11.19 U 3 lan0 1500 <<<<
15.140.8.0 15.140.8.63 U 3 lan0:1 1500

So when I access machine lola on 15.140.8.65 then lola's netstat output shows my stationary UP as source address:

15.140.11.19[nero]:/ # remsh 15.140.8.65 netstat -an | grep '514 .*ESTABLISHED'
tcp 0 0 15.140.8.65.514 15.140.11.19.1005 ESTABLISHED


Now I add an host route through my relocatable address:

15.140.11.19[nero]:/ # route add host 15.140.8.65 15.140.8.63 0
add host 15.140.8.65: gateway 15.140.8.63

Please note that host routes precede network routes... so routing to lola goes through lan0:1 now, using my relocatable address:

15.140.11.19[nero]:/ # netstat -rn
IPv4 Routing tables:
Destination Gateway Flags Refs Interface Pmtu
15.140.11.19 15.140.11.19 UH 0 lan0 4136
15.140.8.63 15.140.8.63 UH 0 lan0:1 4136
15.140.8.65 15.140.8.63 UH 0 lan0:1 0 <<<<
15.140.8.0 15.140.11.19 U 3 lan0 1500
15.140.8.0 15.140.8.63 U 3 lan0:1 1500

This can also be seen in lola's netstat output:

15.140.11.19[nero]:/ # remsh 15.140.8.65 netstat -an | grep '514 .*ESTABLISHED'
tcp 0 0 15.140.8.65.514 15.140.8.63.1005 ESTABLISHED

qed.

Best regards...
Dietmar.


"Logic is the beginning of wisdom; not the end." -- Spock (Star Trek VI: The Undiscovered Country)
Reply
Steven E. Protter
Exalted Contributor

тАО11-14-2005 01:20 AM

тАО11-14-2005 01:20 AM

Re: which the source address in case of SG?

SG floating IP addresses are virtual IP addresses. They are subject to their main IP address and looking carefully at the source IP will let you know which node you are working on.

EX:
Mainip 192.168.0.90 lan0

floater 192.168.0.91 lan0:1

Traffic from the floater will actually come out of the main interface.

In theory that is. That is what I believe you'll see if you use ethereal or tcpdump to look at the traffic across the lan.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Dietmar Konermann
Honored Contributor

тАО11-14-2005 01:39 AM

тАО11-14-2005 01:39 AM

Re: which the source address in case of SG?

Steven,

only SG talks about stationary and relocatable/virtual addresses.

From the networking stack's point of view you have just a bunch of indexed IP addresses assigned to the interface. You could e.g. just bring lan0:4 and lan0:5 up... and leave lan0 (aka lan0:0) down.

As I already said, the used route determines what source address shows up. No matter, if you look with tcpdump or ethereal or just look at netstat.

Best regards...
Dietmar.
"Logic is the beginning of wisdom; not the end." -- Spock (Star Trek VI: The Undiscovered Country)
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.