[Pacemaker] IP Range Failover with IPaddr2 and clone / globally-unique="true"

Dejan Muhamedagic dejanmm at fastmail.fm
Thu Jan 26 07:33:17 EST 2012


On Wed, Jan 25, 2012 at 07:22:44PM +0100, Anton Melser wrote:
> >> I actually did 1 to 3 (with both configure primitive and configure
> >> clone) which worked successfully, and then launched the following.
> >> Both FW1 and FW2 are up, and it seems to be distributing the IPs
> >> between the two. The IPs are pingable from external machines. It is
> >> taking aaaaaages though - am I trying to fit a round pole into a
> >> square hole here? Am I never going to get things working smoothly with
> >> the numbers of IPs I need here? Is it worth persisting, or should I be
> >> looking for a cluster solution better adapted to lots and lots of very
> >> simple resources?
> >
> > How many addresses do you want to create? Although it is going to
> > work, it may really be slow, because the status section in the
> > CIB is going to grow quite a bit (check the output of cibadmin -Q
> > | wc).
> 
> I want to be able to manage thousands of IPs. I currently need to do
> hundreds, but any solution I come up with needs to be able to support
> thousands (at least the 2k or so I have done in my test above) to make
> this a robust and future-proof solution. It is for setting up a
> NAT/firewall solution mapping from 1 internal /24 network to 1
> external, public IP - times a couple of thousand.

Thousands? In that case you should extend the IPaddr2 RA to
support IP ranges and then handle all of them in a loop within
the RA. If any of the IP addresses fails you'll need to report
failure, so the complete range would have to be restarted.

> > BTW, why do you need so many IPs?
> 
> I was hoping this question wouldn't get asked but thought it might...
> I spent *heaps* of time explaining why on the netfilter list. I
> completely understand both the interest in why and the
> misunderstanding of the situation at first glance - will "it is
> completely legal, and completely moral" suffice? It is "moral" unless
> you have a particular hate of outsourcing...  This post seemed to
> satisfy the angry masses:
> http://www.spinics.net/lists/netfilter/msg52178.html
> The fact that the Linux Foundation uses an Email Service Provider to
> send their newsletters hopefully proves that sending emails from lots
> of IPs (each dedicated to a single customer, so thousands of IPs =
> thousands of customers) is not a nasty thing to do if done by a
> responsible company!

I was just curious, didn't mean to imply anything.

Thanks,

Dejan

> Thanks for all your help!
> Cheers
> A

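The range-in-a-loop monitor suggested in the reply above, as an added sketch; it is not part of the thread or of the IPaddr2 agent. The function names, the documentation-range addresses, and the choice to report a partly missing range as OCF_ERR_GENERIC but a wholly absent one as OCF_NOT_RUNNING are assumptions.

```shell
#!/bin/sh
# Added sketch, not IPaddr2 code: monitor an IP range as one resource.
OCF_SUCCESS=0; OCF_ERR_GENERIC=1; OCF_ERR_ARGS=2; OCF_NOT_RUNNING=7

# Dotted quad -> integer; rejects malformed octets (and leading zeros,
# which shell arithmetic would read as octal).
ip_to_int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Real check (assumption: iproute2 present; not used by the demo below).
addr_on_host() { ip -o -f inet addr show | grep -qF " $1/"; }

# Constructed stand-in for the host address table, so this runs unprivileged.
CONFIGURED="192.0.2.10 192.0.2.11 192.0.2.12"
fake_present() { case " $CONFIGURED " in *" $1 "*) return 0 ;; esac; return 1; }

# range_monitor FIRST LAST CHECK_FN
# All present -> success; none present -> cleanly stopped; anything in
# between -> failure, so the cluster restarts the complete range.
range_monitor() {
    first=$(ip_to_int "$1") || return $OCF_ERR_ARGS
    last=$(ip_to_int "$2") || return $OCF_ERR_ARGS
    [ "$first" -le "$last" ] || return $OCF_ERR_ARGS
    n=$first; total=0; missing=0
    while [ "$n" -le "$last" ]; do
        total=$((total + 1))
        "$3" "$(int_to_ip "$n")" || missing=$((missing + 1))
        n=$((n + 1))
    done
    [ "$missing" -eq 0 ] && return $OCF_SUCCESS
    [ "$missing" -eq "$total" ] && return $OCF_NOT_RUNNING
    return $OCF_ERR_GENERIC
}

range_monitor 192.0.2.10 192.0.2.12 fake_present && echo "range healthy"
```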