[ClusterLabs] Regarding IP tables and IP Address clone

Somanath Jeeva somanath.jeeva at ericsson.com
Wed Dec 23 06:05:06 CET 2015


> Hi
> I am trying to use IP load balancing using the cloning feature in Pacemaker, but after 15 min the virtual IP becomes unreachable. Below is the Pacemaker cluster config:
>
>  # pcs status
> Cluster name: DES
> Last updated: Tue Dec 22 08:57:55 2015
> Last change: Tue Dec 22 08:10:22 2015
> Stack: cman
> Current DC: node-01 - partition with quorum
> Version: 1.1.11-97629de
> 2 Nodes configured
> 2 Resources configured
>
>
> Online: [ node-01 node-02 ]
>
> Full list of resources:
>
>  Clone Set: ClusterIP-clone [ClusterIP] (unique)
>      ClusterIP:0        (ocf::heartbeat:IPaddr2):       Started node-01
>      ClusterIP:1        (ocf::heartbeat:IPaddr2):       Started node-02
>
> #pcs config
> Cluster Name: DES
> Corosync Nodes:
>   node-01 node-02
> Pacemaker Nodes:
> node-01 node-02
>
> Resources:
>  Clone: ClusterIP-clone
>   Meta Attrs: clone-max=2 clone-node-max=2 globally-unique=true
>   Resource: ClusterIP (class=ocf provider=heartbeat type=IPaddr2)
>    Attributes: ip=10.61.150.55 cidr_netmask=23 clusterip_hash=sourceip
>    Operations: start interval=0s timeout=20s (ClusterIP-start-timeout-20s)
>                stop interval=0s timeout=20s (ClusterIP-stop-timeout-20s)
>                monitor interval=5s (ClusterIP-monitor-interval-5s)
>
> Stonith Devices:
> Fencing Levels:
>
> Location Constraints:
> Ordering Constraints:
> Colocation Constraints:
>
> Cluster Properties:
>  cluster-infrastructure: cman
>  cluster-recheck-interval: 0
>  dc-version: 1.1.11-97629de
>  stonith-enabled: false
> Pacemaker and Corosync version:
> Pacemaker - 1.1.12-4
> Corosync  - 1.4.7
>
>
> Is the issue due to a configuration error or a firewall issue?
>
>
> With Regards
> Somanath Thilak J

> Hi Somanath,
>
> The configuration looks fine (aside from fencing not being configured),
> so I'd suspect a network issue.
>
> The IPaddr2 cloning relies on multicast MAC addresses (at the Ethernet
> level, not multicast IP), and many switches have issues with that. Make
> sure your switch supports multicast MAC (and if necessary, has it
> enabled on the relevant ports).
>
> Some people have found it necessary to add a static ARP entry for the
> cluster IP/MAC in their firewall and/or switch.

Hi,

Thanks for the quick reply.

I will check with our IT team regarding the multicast MAC at switch level.

But the virtual IP is reachable for 15 minutes or so after I start the Pacemaker/Corosync service, after which it becomes unreachable. However, when I restart the iptables service, it becomes reachable again for another 15 min.
Would this be because of firewall configurations?



With Regards
Somanath Thilak J
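
Added example (not part of the original messages, and not code from Pacemaker or the IPaddr2 agent): a shell check of a saved `iptables -S INPUT` listing that confirms the CLUSTERIP rule for the cloned address from the thread is present and that its cluster MAC is an Ethernet multicast address. The rule text, interface name and MAC below are constructed sample values.

```shell
#!/bin/sh
# Constructed sample of `iptables -S INPUT` output; the MAC and interface
# are placeholders, only the IP and hash mode come from the thread.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -d 10.61.150.55/32 -i eth0 -j CLUSTERIP --new --hashmode sourceip --clustermac 01:00:5E:11:22:33 --total-nodes 2 --local-node 1 --hash-init 0
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# Print the value that follows option $1 in rule line $2.
rule_opt() {
    printf '%s\n' "$2" |
        awk -v o="$1" '{ for (i = 1; i < NF; i++) if ($i == o) { print $(i+1); exit } }'
}

# Return 0 if the first octet of MAC $1 has the group (multicast) bit set.
mac_is_multicast() {
    first=${1%%:*}
    case "$first" in
        [0-9A-Fa-f][0-9A-Fa-f]) ;;
        *) return 1 ;;
    esac
    [ $(( 0x$first & 1 )) -eq 1 ]
}

# check_clusterip RULES VIP
# Prints a one-line verdict. Returns 0 if the rule exists with a multicast
# MAC, 1 if no CLUSTERIP rule matches the VIP, 2 if the MAC is not multicast.
check_clusterip() {
    rule=$(printf '%s\n' "$1" | grep -F -- "-d $2/32 " |
           grep -F -- '-j CLUSTERIP' | head -n 1)
    if [ -z "$rule" ]; then
        echo "MISSING: no CLUSTERIP rule for $2"
        return 1
    fi
    mac=$(rule_opt --clustermac "$rule")
    mode=$(rule_opt --hashmode "$rule")
    nodes=$(rule_opt --total-nodes "$rule")
    if ! mac_is_multicast "$mac"; then
        echo "BAD: clustermac $mac is not a multicast MAC"
        return 2
    fi
    echo "OK: $2 hashmode=$mode clustermac=$mac total-nodes=$nodes"
}

# On a cluster node, pass "$(iptables -S INPUT)" instead of the sample.
check_clusterip "$SAMPLE_RULES" 10.61.150.55
```

Running the same check on both nodes while the address is reachable and again once it is not shows whether the firewall rule set changed or whether the problem lies outside the host, as the reply suggests.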
