HPE Community
Operating System - HP-UX
1833475 Members
2832 Online
110052 Solutions
New Discussion

Source IP in TCP header for MCSG Packages

 
SOLVED
Go to solution
Jim Turner
HPE Pro

‎09-24-2004 03:43 AM

‎09-24-2004 03:43 AM

Source IP in TCP header for MCSG Packages

Howdy Y'all,

This thread:
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=149302
pretty-well answers my following question, but I'm hoping for some clarification from our forums gurus.

I've got a ServiceGuard package with its own IP address. Nothing unusual there. This package starts a sockets-based process that must communicate through two firewalls (ours and the vendor's). Will the source IP in the TCP header be written as the package IP or the node IP? The thread cited above leads me to believe it will probably be the node IP. As a result, the source IP will be subject to change depending on which node the package is running on.

Does anyone know of a way to make TCP/IP traffic from my process started by ServiceGuard's package use the package IP address as the source IP (which will stay the same regardless of which node is running the package) instead of the node IP?

Thanks,
Jim
0 Kudos
7 REPLIES 7
Sridhar Bhaskarla
Honored Contributor

‎09-24-2004 03:53 AM

‎09-24-2004 03:53 AM

Re: Source IP in TCP header for MCSG Packages

Hi Jim,

If your application's 'port' is listening on the floating IP address instead '*.', then the source IP will be the floating IP.

However, I advise our appadmins to configure the firewalls for "stationary IP of the primary, Stationary IP of the secondary and the floating IP" to ensure that nothing breaks.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Prashant Zanwar_4
Respected Contributor

‎09-24-2004 06:53 AM

‎09-24-2004 06:53 AM

Re: Source IP in TCP header for MCSG Packages

Hi,
This is really a application level talk. The way application is designed to run in your cluster environment. You will face major problem if you use Node IP in your application to talk to consequent application running on ohter node or vice versa. Application code should be changed to use the package IP, so that irrespective of where the package is running you will be able to failover and communicate likewise.
Although the IP is floating or virtual in some means, it's main purpose to keep the access to the services running. And it is bind to one of the NIC's whereever the package is running.
So it is your applicaition which should support running in Cluster environment.
Hope I have understood the question correctly. Let me know if I am wrong.

Thanks
Prashant
"Intellect distinguishes between the possible and the impossible; reason distinguishes between the sensible and the senseless. Even the possible can be senseless."
0 Kudos
Prashant Zanwar_4
Respected Contributor

‎09-24-2004 06:57 AM

‎09-24-2004 06:57 AM

Re: Source IP in TCP header for MCSG Packages

melvyn burnard has answered it perfectly I believe. Firewall configuration to allow floating IP, I havent come across much. But there shall be way definately. Because I have worked in a big environment whrere users use to access the services from remote or countrywide. In this case it becomes necessary that users are not aware of any node name access structure.

Hope it helps
Prashant
"Intellect distinguishes between the possible and the impossible; reason distinguishes between the sensible and the senseless. Even the possible can be senseless."
0 Kudos
melvyn burnard
Honored Contributor

‎09-24-2004 07:00 AM

‎09-24-2004 07:00 AM

Solution

Re: Source IP in TCP header for MCSG Packages

Unless you have compiled your application to "bind" to the floating ip, then the source ip addres will be the node stationary address.
There is a section in the Managing Serviceguard manula at http://docs.hp.com/hpux/pdf/B3936-90079.pdf
See page 371
My house is the bank's, my money the wife's, But my opinions belong to me, not HP!
0 Kudos
Sundar_7
Honored Contributor

‎09-24-2004 07:05 AM

‎09-24-2004 07:05 AM

Re: Source IP in TCP header for MCSG Packages

Jim,

As noted above, the outgoing traffic will be using the stationary IP of the node, not the virtual/floating Package IP address.

One way to get around is to write your application to bind() to the virtual IP address before creating sockets.

- Sundar.
Learn What to do ,How to do and more importantly When to do ?
0 Kudos
rick jones
Honored Contributor

‎09-24-2004 04:26 PM

‎09-24-2004 04:26 PM

Re: Source IP in TCP header for MCSG Packages

As the question is already answered - the appication should be calling bind() - I'll just point-out one nit. There is no IP address in a TCP header. IP addresses are in IP headers. The "address" in a TCP header would be the combination of source and destination port numbers.
there is no rest for the wicked yet the virtuous have no pillows
0 Kudos
Jim Turner
HPE Pro

‎12-29-2004 03:29 AM

‎12-29-2004 03:29 AM

Re: Source IP in TCP header for MCSG Packages

We decided to have the firewall folks allow all IPs from nodes and packages for now.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.