[Pacemaker] iptables cluster

Karlis Kisis karlis.kisis at gmail.com
Mon Feb 13 04:21:14 EST 2012


Hi,

In most cluster tutorials, for simplicity, iptables is turned off.
The funny thing is that iptables is what I want to configure in an HA
cluster (as redundant firewalls).

While reading the documentation I did not fully understand how the
IPaddr2 resource is configured. Let me explain:

I have 2 cluster nodes with the following network config:
NIC1 - External Internet - 80.80.80.80 (81 for node2)
NIC2 - Internal LAN - 10.0.0.80 (81 for node2)
NIC3 - Heartbeat - 192.168.0.80 (81 for node2)
NIC4 - Storage Net - 172.16.0.80 (81 for node2)

I want 2 addresses to fail over:
80.80.80.1 VIP in External segment
10.0.0.1 VIP in LAN segment

Question #1:
When I configure an IPaddr2 resource, how does it work? Especially if I
want to use external addresses that are public. The network adapter goes
in PROMISCUOUS mode and listens to all traffic, while filtering its IP
and VIP? Does it load the routers?

What if I need to add another address from a different IP subnet, let's
say 180.180.180.180? Since I don't have any adapters configured in
this IP subnet, will it work? Can I somehow assign this IPaddr2 to be
routed through NIC1 (static routes on both nodes?)

Question #2:
The whole clustering thingy works by stopping the service on one node
and starting it on the other. In my case, I would not want iptables to
be stopped but instead restarted with a "passive" config, like block
all traffic from outside (instead of dropping the firewall entirely). How
would I go about it? Custom scripts?

Is there any extensive documentation on cluster networking somewhere?
How do the VIPs technically work?

Best regards,
Karlis



