[Pacemaker] ipaddr2 & clusterip doubts.

Carlos G Mendioroz tron at huapi.ba.ar
Thu Feb 17 08:47:33 EST 2011 

Brett Delle Grazie @ 17/02/2011 10:24 -0300 dixit:
> Hi,
> 
> On 17 February 2011 12:58, Carlos G Mendioroz <tron at huapi.ba.ar> wrote:
>> Hi,
>> I've found that ipaddr2 can use clusterip when running as clone.
>> (please correct me if I use some word in a not correct way,
>> denoting I fail to get some concept)
>>
>> But my understanding is that clusterip might be beneficial also
>> in the active/standby case because of its use of a single mac
>> address.
> 
> Not really - its simpler (networking wise) and safer to use floating
> IP addresses for standard HA.  Otherwise all traffic is being
> duplicated to both nodes which ties up bandwidth unnecessarily -
> that's the major
> downside to ClusterIP.

I guess it's a design issue, so it depends.
I've seen the bandwidth argument, but this applies only to, in my case,
to requests going to a server. BW is very low in this direction.
I'm trying to get a fast failover (subsecond). I don't like gratuitous 
ARP that much.

> 
> Indeed it could be argued that with multiple floating IPs used with
> DNS round-robin,
> ClusterIP becomes almost unnecessary.

DNS is out of the question. A node already talking to the cluster knows
the cluster IP already.
The problem with floating IP, as commented, is ARP caching.

> FYI ClusterIP target in iptables has been deprecated, the successor is
> cluster-match
> but I don't think there is a resource agent which uses it yet.

Noted, thanks. I don't mind upgrading/changing/making an RA if needed.

>> I would create the active with 1 node and the standby alike,
>> but "demote" the standby by forcing it not to answer.
> 
> Why? - you lose functionality here such as the system _automatically_
> correcting
> for failure - which is, I assume, why you want to use Pacemaker.

How come I loose anything ? When I say "I would demote...", I mean
"I would make the RA demote..."

>> Questions:
>> -any obvious issue here ?
>> -I see some posts with CLUSTERIP and ARP related issues,
>> but I fail to understand a case where this happens.
>> If someone has a failure case I would appreciate it.
> 
> Our failure cases:
> (1) It didn't work at all - resolved by (a)
> (2) It didn't work under failure conditions (pulling the network cable
> and/or power on one node) - we got lost connections, no response etc.
> resolved by (b)
> 
> Our solutions were:
> (a) Enable multicast mac addresses on the switch/firewall (otherwise
> it doesn't work at all) and
> (b) adding a static ARP entry for the IP to cluster mac address in the
> switch/firewall.

1) I understand sort of, it's switch dependent, not really a CLUSTERIP 
issue. (i.e. you need mcast to work)
2) This is what I'm after as a failure case.
Will test it, it should work (but again, the configuration I'm thinking 
of is not the one used by current ipaddr2 RA).

Thanks for your comments!

-- 
Carlos G Mendioroz  <tron at huapi.ba.ar>  LW7 EQI  Argentina

More information about the Pacemaker mailing list