[c-nsp] Virtual IP Question
Paul Stewart
paul at paulstewart.org
Thu Apr 10 21:15:44 EDT 2008
Thanks very much... I haven't been able to capture this in action yet from a
network view but hoping to see what's really happening soon... the servers
in question I do not manage....

What appears to be happening is that the heartbeat between the two devices
(dedicated GigE network port to port between servers, no switch) is having
some kind of an issue - I still don't have a clear picture myself what is
happening yet.... but long story short, both primary and secondary are
trying to delegate to primary at the same time therefore the IP is showing
up twice on two different machines causing some problems obviously ;)

I'm hoping to actually take the heartbeat function out of this mix as both
machines can run fully mirrored to one another and handle requests - I'd
like to "frontend" the system and take the decision making away from the
servers themselves....

Just browsing Cisco's website and it looks like I could get an ACE-4710-1F-K9
appliance that would do the trick? Price is quite reasonable .... anyone
used them?

Thanks again David...

Paul
-----Original Message-----
From: David Coulson [mailto:david at davidcoulson.net]
Sent: Thursday, April 10, 2008 9:03 PM
To: Paul Stewart
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Virtual IP Question
Usually when IP takeover occurs, the new 'active' node will send out an
ARP update message to force all devices on the broadcast domain to
update their ARP table. I've run this type of failover (as opposed to a
'virtual MAC') with good success in a variety of configurations.
Especially if you are only routing to this environment, having fast ARP
timeouts can often clear out any split brain problems pretty quickly.

What are the symptoms you see when the problems occur? Incorrect ARP
entry in the switches (I assume these handle VLAN routing too?), bad
entry in the CAM table, or something else?

Your problem implementing something at the network layer may be that the
virtual IP will not be available on both nodes, so if you try to
override the failover functionality, it may not behave as expected.
Paul Stewart wrote:
> Each server is connected to a 6509 switch, on the same VLAN and IP subnet.
> The problem is that the virtual IP representing what people connect to is
> taking over the MAC address of the Ethernet card versus having its own MAC
> that stays consistent from server to server (as HSRP does with its active
> IP - MAC never changes for that IP).
>
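The situation discussed in this thread, as an added example that is not part of the original messages: a check over ARP sender observations that separates a clean IP takeover (the claiming MAC changes and the old one goes quiet) from the split-brain case where both nodes keep claiming the virtual IP. The function name, the 30-second window and the sample addresses are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: (seconds, sender IP, sender MAC) taken from ARP frames
# seen on the server VLAN. Addresses are documentation-range placeholders.
SAMPLE = [
    # 192.0.2.10: node 01 is active, node 02 takes over once, much later
    # node 01 takes the address back (a normal failback).
    (0.0, "192.0.2.10", "00:00:5e:00:53:01"),
    (10.0, "192.0.2.10", "00:00:5e:00:53:01"),
    (20.0, "192.0.2.10", "00:00:5e:00:53:02"),
    (30.0, "192.0.2.10", "00:00:5e:00:53:02"),
    (4000.0, "192.0.2.10", "00:00:5e:00:53:01"),
    # 192.0.2.20: both nodes believe they are primary and keep announcing.
    (0.0, "192.0.2.20", "00:00:5e:00:53:03"),
    (1.0, "192.0.2.20", "00:00:5e:00:53:04"),
    (2.0, "192.0.2.20", "00:00:5e:00:53:03"),
    (3.0, "192.0.2.20", "00:00:5e:00:53:04"),
    # 192.0.2.30: a single owner throughout.
    (0.0, "192.0.2.30", "00:00:5e:00:53:05"),
    (60.0, "192.0.2.30", "00:00:5e:00:53:05"),
]


def classify_ip_claims(observations, window=30.0):
    """Return {ip: 'stable' | 'takeover' | 'split-brain'}.

    takeover:    the claiming MAC changed, and the MAC now claiming the IP
                 had not claimed it within the last `window` seconds.
    split-brain: a MAC reclaims the IP within `window` seconds of its own
                 previous claim while another MAC claimed it in between,
                 i.e. two nodes are announcing the address concurrently.
    """
    last_seen = defaultdict(dict)  # ip -> {mac: time of its latest claim}
    current = {}                   # ip -> MAC of the most recent claim
    verdict = {}
    for ts, ip, mac in sorted(observations):
        prev = current.get(ip)
        if prev is None:
            verdict[ip] = "stable"
        elif mac != prev:
            earlier = last_seen[ip].get(mac)
            if earlier is not None and ts - earlier <= window:
                verdict[ip] = "split-brain"
            elif verdict[ip] != "split-brain":
                verdict[ip] = "takeover"
        last_seen[ip][mac] = ts
        current[ip] = mac
    return verdict
```

The window should be longer than the interval at which the cluster nodes re-announce the address and shorter than any planned failback delay.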