[Pacemaker] IP Range Failover with IPaddr2 and clone / globally-unique="true"

Anton Melser melser.anton at gmail.com
Wed Jan 25 13:22:44 EST 2012

>> I actually did 1 to 3 (with both configure primitive and configure
>> clone) which worked successfully, and then launched the following.
>> Both FW1 and FW2 are up, and it seems to be distributing the IPs
>> between the two. The IPs are pingable from external machines. It is
>> taking aaaaaages though - am I trying to fit a round pole into a
>> square hole here? Am I never going to get things working smoothly with
>> the numbers of IPs I need here? Is it worth persisting, or should I be
>> looking for a cluster solution better adapted to lots and lots of very
>> simple resources?
> How many addresses do you want to create? Although it is going to
> work, it may really be slow, because the status section in the
> CIB is going to grow quite a bit (check the output of cibadmin -Q
> | wc).

I want to be able to manage thousands of IPs. I currently need to do
hundreds, but any solution I come up with needs to be able to support
thousands (at least the 2k or so I have done in my test above) to make
this a robust and future-proof solution. It is for setting up a
NAT/firewall solution mapping from 1 internal /24 network to 1
external, public IP - times a couple of thousand.

> BTW, why do you need so many IPs?

I was hoping this question wouldn't get asked but thought it might...
I spent *heaps* of time explaining why on the netfilter list. I
completely understand both the interest in why and the
misunderstanding of the situation at first glance - will "it is
completely legal, and completely moral" suffice? It is "moral" unless
you have a particular hate of outsourcing...  This post seemed to
satisfy the angry masses:
The fact that the Linux Foundation uses an Email Service Provider to
send their newsletters hopefully proves that sending emails from lots
of IPs (each dedicated to a single customer, so thousands of IPs =
thousands of customers) is not a nasty thing to do if done by a
responsible company!
Thanks for all your help!

More information about the Pacemaker mailing list