[Pacemaker] ipaddr2 & clusterip doubts.

Brett Delle Grazie brett.dellegrazie at gmail.com
Thu Feb 17 13:24:37 UTC 2011


Hi,

On 17 February 2011 12:58, Carlos G Mendioroz <tron at huapi.ba.ar> wrote:
> Hi,
> I've found that ipaddr2 can use clusterip when running as clone.
> (please correct me if I use some word in a not correct way,
> denoting I fail to get some concept)
>
> But my understanding is that clusterip might be beneficial also
> in the active/standby case because of its use of a single mac
> address.

Not really - its simpler (networking wise) and safer to use floating
IP addresses for standard HA.  Otherwise all traffic is being
duplicated to both nodes which ties up bandwidth unnecessarily -
that's the major
downside to ClusterIP.

Indeed it could be argued that with multiple floating IPs used with
DNS round-robin,
ClusterIP becomes almost unnecessary.

FYI ClusterIP target in iptables has been deprecated, the successor is
cluster-match
but I don't think there is a resource agent which uses it yet.

>
> I would create the active with 1 node and the standby alike,
> but "demote" the standby by forcing it not to answer.

Why? - you lose functionality here such as the system _automatically_
correcting
for failure - which is, I assume, why you want to use Pacemaker.

>
> Questions:
> -any obvious issue here ?
> -I see some posts with CLUSTERIP and ARP related issues,
> but I fail to understand a case where this happens.
> If someone has a failure case I would appreciate it.

Our failure cases:
(1) It didn't work at all - resolved by (a)
(2) It didn't work under failure conditions (pulling the network cable
and/or power on one node) - we got lost connections, no response etc.
resolved by (b)

Our solutions were:
(a) Enable multicast mac addresses on the switch/firewall (otherwise
it doesn't work at all) and
(b) adding a static ARP entry for the IP to cluster mac address in the
switch/firewall.

-- 
Best Regards,

Brett Delle Grazie




More information about the Pacemaker mailing list