Operating System - HP-UX

Re: Firewall in a clustered nodes.

 
RAC_1
Honored Contributor

Firewall in a clustered nodes.

Some background.

HP-UX 11.11 on Superdomes running under an SG cluster (A.01.02).
Node-1 runs Apache web server and OAS. Node-1 runs Oracle 8.1.7 (db server).

Node-3 is also running Apache and OAS.

Now the network team is planning to put one firewall between clustered nodes, i.e. node-1 running Apache, OAS and node-2 (Oracle db server).

Info required.

What measures/precautions do I need to take for proper operation of the SG environment?
(Please note that node-3 is not under SG, but just a load balancing server for node-1.)

What ports do I need to open, and more importantly what precautions do I need to take under the SG environment?

The node-2 database server gets requests from node-1 and node-3.

Thanks in advance.
There is no substitute to HARDWORK
John Poff
Honored Contributor

Re: Firewall in a clustered nodes.

Hi,

Why do they want to put a firewall between two of your MC/SG nodes? What problem is your network team trying to solve?

JP
RAC_1
Honored Contributor

Re: Firewall in a clustered nodes.

Really nothing. They did not listen to the sysadmins.

It is a so-called part of securing the web site these servers host.
There is no substitute to HARDWORK
MANOJ SRIVASTAVA
Honored Contributor

Re: Firewall in a clustered nodes.

Why don't you use Local Director and free up a server?


Manoj Srivastava
RAC_1
Honored Contributor

Re: Firewall in a clustered nodes.

Pardon my knowledge,

but I have no idea what Local Director is.
But we do have SSL (HP make) for load balancing the web requests between node-1 and node-3 and for secure connections.

There is no substitute to HARDWORK
MANOJ SRIVASTAVA
Honored Contributor

Re: Firewall in a clustered nodes.

How about a CISCO 430? I think there are smaller versions available too.




Manoj Srivastava
U.SivaKumar_2
Honored Contributor

Re: Firewall in a clustered nodes.

Hi,

These are the ports MC/Serviceguard uses.

Ref: /etc/services

hacl-hb 5300/tcp # High Availability (HA) Cluster heartbeat
hacl-gs 5301/tcp # HA Cluster General Services
hacl-cfg 5302/tcp # HA Cluster TCP configuration
hacl-cfg 5302/udp # HA Cluster UDP configuration
hacl-probe 5303/tcp # HA Cluster TCP probe
hacl-probe 5303/udp # HA Cluster UDP probe
hacl-local 5304/tcp # HA Cluster Commands
hacl-test 5305/tcp # HA Cluster Test
hacl-dlm 5408/tcp # HA Cluster distributed lock manager

Put the heartbeat lines through two serial interfaces rather than Ethernet cables.

If you have IP failover set up between the nodes across the firewall, in my opinion you will have a hard time ... :-)

regards,
U.SivaKumar
Innovations are made when conventions are broken
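
Added example (not part of any post in this thread): a POSIX shell check that pulls the hacl-* entries quoted above out of services-format text and reports which port/protocol pairs are missing from a firewall allow list. The allow-list format (one port/proto per line) and the FW_ALLOWED contents are assumptions constructed for illustration; the check covers only the listed ports.

```sh
#!/bin/sh
# Services entries as quoted in the post above (services(4) format).
SG_SERVICES='hacl-hb 5300/tcp # High Availability (HA) Cluster heartbeat
hacl-gs 5301/tcp # HA Cluster General Services
hacl-cfg 5302/tcp # HA Cluster TCP configuration
hacl-cfg 5302/udp # HA Cluster UDP configuration
hacl-probe 5303/tcp # HA Cluster TCP probe
hacl-probe 5303/udp # HA Cluster UDP probe
hacl-local 5304/tcp # HA Cluster Commands
hacl-test 5305/tcp # HA Cluster Test
hacl-dlm 5408/tcp # HA Cluster distributed lock manager'

# Constructed sample: inter-node rules a TCP-only rule set might permit.
# The one-pair-per-line format is hypothetical, not a real firewall export.
FW_ALLOWED='5300/tcp
5301/tcp
5302/tcp
5303/tcp
5304/tcp'

# Read services-format text on stdin and print the unique port/proto
# pairs of every hacl-* entry.
sg_ports() {
    awk '
        { sub(/#.*/, "") }    # strip trailing comments
        $1 ~ /^hacl-/ && $2 ~ /^[0-9]+\/(tcp|udp)$/ { print $2 }
    ' | sort -u
}

# $1 = services text, $2 = allow list text.
# Print each Serviceguard port/proto pair that the allow list lacks.
sg_missing() {
    printf '%s\n' "$1" | sg_ports | while read -r pair; do
        printf '%s\n' "$2" | grep -F -q -x "$pair" || echo "$pair"
    done
}

# On a cluster node, pass "$(cat /etc/services)" as the first argument.
sg_missing "$SG_SERVICES" "$FW_ALLOWED"
```

With the constructed allow list, the UDP entries for hacl-cfg and hacl-probe are among the pairs reported, which is the kind of gap a TCP-only rule set leaves.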
melvyn burnard
Honored Contributor

Re: Firewall in a clustered nodes.

I strongly advise against having a firewall set up BETWEEN SG nodes.
No problem if you want one outside the cluster, but if you set it up to act between the nodes, then you may have some problems.
Bear in mind, most firewalls get set to block things like UDP broadcasts etc., and SG does use these.
My house is the bank's, my money the wife's, But my opinions belong to me, not HP!