[ClusterLabs] Regarding IP tables and IP Address clone
Ken Gaillot
kgaillot at redhat.com
Tue Dec 22 16:34:37 CET 2015
On 12/22/2015 08:09 AM, Somanath Jeeva wrote:
> Hi
> I am trying to use ip loadbalancing using cloning feature in pacemaker. but After 15 min the virtual ip becomes unreachable. Below is the pacemaker cluster config
>
> # pcs status
> Cluster name: DES
> Last updated: Tue Dec 22 08:57:55 2015
> Last change: Tue Dec 22 08:10:22 2015
> Stack: cman
> Current DC: node-01 - partition with quorum
> Version: 1.1.11-97629de
> 2 Nodes configured
> 2 Resources configured
>
>
> Online: [ node-01 node-02 ]
>
> Full list of resources:
>
> Clone Set: ClusterIP-clone [ClusterIP] (unique)
> ClusterIP:0 (ocf::heartbeat:IPaddr2): Started node-01
> ClusterIP:1 (ocf::heartbeat:IPaddr2): Started node-02
>
> #pcs config
> Cluster Name: DES
> Corosync Nodes:
> node-01 node-02
> Pacemaker Nodes:
> node-01 node-02
>
> Resources:
> Clone: ClusterIP-clone
> Meta Attrs: clone-max=2 clone-node-max=2 globally-unique=true
> Resource: ClusterIP (class=ocf provider=heartbeat type=IPaddr2)
> Attributes: ip=10.61.150.55 cidr_netmask=23 clusterip_hash=sourceip
> Operations: start interval=0s timeout=20s (ClusterIP-start-timeout-20s)
> stop interval=0s timeout=20s (ClusterIP-stop-timeout-20s)
> monitor interval=5s (ClusterIP-monitor-interval-5s)
>
> Stonith Devices:
> Fencing Levels:
>
> Location Constraints:
> Ordering Constraints:
> Colocation Constraints:
>
> Cluster Properties:
> cluster-infrastructure: cman
> cluster-recheck-interval: 0
> dc-version: 1.1.11-97629de
> stonith-enabled: false
> Pacemaker and Corosync version:
> Pacemaker - 1.1.12-4
> Corosync - 1.4.7
>
>
> Is the issue due to configuration error or firewall issue.
>
>
> With Regards
> Somanath Thilak J
Hi Somanath,
The configuration looks fine (aside from fencing not being configured),
so I'd suspect a network issue.
The IPaddr2 cloning relies on multicast MAC addresses (at the Ethernet
level, not multicast IP), and many switches have issues with that. Make
sure your switch supports multicast MAC (and if necessary, has it
enabled on the relevant ports).
Some people have found it necessary to add a static ARP entry for the
cluster IP/MAC in their firewall and/or switch.
More information about the Users
mailing list