[ClusterLabs] Concept of a Shared ipaddress/resource for generic applicatons

[Jan Pokorný]

On 02/12/19 09:50 -0600, Ken Gaillot wrote:
> On Sat, 2019-11-30 at 18:58 +0300, Andrei Borzenkov wrote:
>> 29.11.2019 17:46, Jan Pokorný пишет:
>>> "Clone" feature for IPAddr2 is actually sort of an overloading that
>>> agent with an alternative functionality -- trivial low-level load
>>> balancing.  You can ignore that if you don't need any such.
>>> 
>> 
>> I would say IPaddr2 in clone mode does something similar to
>> SharedAddress.
> 
> Just a side note about something that came up recently:
> 
> IPaddr2 cloning utilizes the iptables "clusterip" feature, which has
> been deprecated in the Linux kernel since 2015. IPaddr2 cloning
> therefore must be considered deprecated as well. (Using it for a single
> floating IP is still fully supported.)
> 
> IPaddr2 could be modified to use a newer iptables capability called
> "xt_cluster", but someone would have to volunteer to do that as it's
> not a priority.

You likely refer to

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=43270b1bc5f1e33522dacf3d3b9175c29404c36c

however this extension is activelly maintained to this day, so don't
see any immediate risks other than something related to containers
as referred to from said commit -- that is good to know about in
such scenarios nonetheless.

My up2date Fedora Rawhide iptables installation, or rather its
iptables-extensions(8) man page does not mention any deprecation
at all (unlike with ULOG extension).

OTOH, what may be a true show stopper is a support for IPv4 only,
which xt_cluster seems to rectify.

-- 
Jan (Poki)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://lists.clusterlabs.org/pipermail/users/attachments/20191203/54a368b9/attachment.sig>