
Re: virtual ip problem

 
Johan Hoeke
Advisor

virtual ip problem

Greetings,

We are running an HP-UX 11.0 server with 1 NIC and an inappropriate IP address. Inappropriate because the address turns out to be a valid internet address, just not ours. It was no problem before because the traffic was all in our own LAN. Now that is no longer the case and we need to phase out this bad IP address. We set up an alias with a new address. What we want is this:
All data coming in through the real IP address should be answered using the real address (130.75.8.10 gw 130.75.8.254).
All data coming in through the virtual address should go out using the virtual address (10.8.33.19 gw 10.8.33.254).
This does not seem to be the case.
Connections made through the real network address look like they are being answered from the virtual IP address.
In other forum threads the strong-end system model was mentioned. Will that work for aliased network cards / virtual IPs?
Any other options?

see attached netconf for details
Kevin O'Donovan
Regular Advisor

Re: virtual ip problem

Hi,

don't quite understand a lot of the question, real and virtual ip addresses? When you talk about creating an alias, where is this defined?

If you're using a different IP address than you should be, it's not a good idea; if it's assigned to someone else, chances are they will have or already have a machine running using that IP address. As I'm sure you know, having 2 machines with the same IP address on the one network causes all kinds of strange problems for both you and the other machine.

But if you're talking about translating IP addresses, this functionality should happen at the router, not the HP machine generally. Nature of address translation (NAT) is used where the external IP address differs from the internal - you can have several machines using the one router with the one IP address and NAT ensures the traffic gets routed to the right machines.

What you could possibly do is create secondary addresses on the network card, and set up your routing tables to route traffic through the second address.

didn't quite understand what you're doing at the moment but hopefully that'll be some help?
Kevin.
Steven E. Protter
Exalted Contributor

Re: virtual ip problem

Check out your DNS records. They may be the culprit.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Kevin Wright
Honored Contributor

Re: virtual ip problem

Outgoing traffic goes out the interface (or IP in your example) based on where the destination is (i.e. what network you're going to). If it's neither, then it will use the default route, from top down in the routing table netstat -nr.

You need to remove the real IP from your server if you don't own that block.
Ron Kinner
Honored Contributor

Re: virtual ip problem

I have never used the strong end-system model but in theory it should help.

ip_strong_es_model:

Controls support for "Strong End-System Model" described in
RFC1122, Section 3.3.4.2. When enabled, packet source addresses
(and therefore interfaces on a multihomed host) affect selection
of a gateway for outbound packets. Set to 0 to disable; set to 1
to enable. [0,1] Default: 0 (disable)

To try it:

ndd -set /dev/ip ip_strong_es_model 1

to remove it if it doesn't work:

ndd -set /dev/ip ip_strong_es_model 0

If it works you will need to put it in /etc/rc.config.d/nddconf so it will stay after a reboot.

TRANSPORT_NAME[0]=ip
NDD_NAME[0]=ip_strong_es_model
NDD_VALUE[0]=1

(use the next highest integer in the brackets if you already have something there.)

Looking at your configs I'm a bit puzzled by the gateway entry on the virtual LAN. What does netstat -rn look like?


If that doesn't help and the people who want to talk to the old IP address are on different subnets from the people who know about the new you can add a route for each of the oldtimer subnets and point it through the old gateway. Or vice versa.

Ron
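
Added example, not part of Ron's post and not HP-UX code: a simplified Python model of the gateway selection rule in the ip_strong_es_model description quoted above, run over the addresses from this thread. The /24 mask on the old address, the order of the two default routes, and the remote peer 192.0.2.50 are assumptions, since the attached netconf is not shown on the page.

```python
import ipaddress

# Local addresses from the thread. The /24 on the old address is an assumption;
# 255.255.252.0 (/22) for the new one is from the original poster's correction.
LOCAL = {
    "130.75.8.10": ipaddress.ip_network("130.75.8.0/24"),
    "10.8.33.19": ipaddress.ip_network("10.8.32.0/22"),
}
# Default routes in routing-table order (assumed: new gateway listed first).
DEFAULT_GATEWAYS = ["10.8.32.254", "130.75.8.254"]


def next_hop(src, dst, strong_es):
    """Gateway chosen for a packet sent from local address src to dst."""
    dst_ip = ipaddress.ip_address(dst)
    # Destinations on a directly attached subnet need no gateway in either model.
    for net in LOCAL.values():
        if dst_ip in net:
            return "direct"
    if not strong_es:
        # Weak model: first default route wins, whatever the source address is.
        return DEFAULT_GATEWAYS[0]
    # Strong model (RFC 1122 3.3.4.2): only gateways on the subnet of the
    # packet's source address are candidates.
    for gw in DEFAULT_GATEWAYS:
        if ipaddress.ip_address(gw) in LOCAL[src]:
            return gw
    return None  # no gateway is reachable from this source address


def leaves_via_foreign_gateway(src, dst, strong_es):
    """True when the packet is handed to a gateway outside src's own subnet,
    the case where a gateway that filters on source address may drop it."""
    gw = next_hop(src, dst, strong_es)
    if gw in (None, "direct"):
        return False
    return ipaddress.ip_address(gw) not in LOCAL[src]


if __name__ == "__main__":
    peer = "192.0.2.50"  # constructed remote client, off both subnets
    for src in LOCAL:
        for strong in (False, True):
            model = "strong" if strong else "weak"
            print(src, model, next_hop(src, peer, strong),
                  leaves_via_foreign_gateway(src, peer, strong))
```

The selection in this model depends only on which subnet the source address belongs to, not on how many NICs or MAC addresses are involved.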

Johan Hoeke
Advisor

Re: virtual ip problem

thanks for the response guys,

first of all the inevitable typo in the problem:
the gw for the 10.8.33.19 address is 10.8.32.254, hence the subnet mask of 255.255.252.0

Kevin O'Donovan: what i mean by a virtual ip is the second ip assigned to a nic. see the attached netconfig

Kevin Wright: good tip. So the 10.8.32.254 default gateway will always be used and the 130.75.8.254 won't be because its IP number is higher, right?

Steven: I'll be sure to check the DNS.

Ron: I have read that info in other threads. I'm just not sure it will work in my situation because we're talking about 1 NIC, 1 MAC address and two IPs assigned to it. I was hoping someone could tell me whether it would work or not in that situation.