Date:      Mon, 19 Oct 1998 17:59:08 -0500 (CDT)
From:      Joe Greco <jgreco@solaria.sol.net>
To:        freebsd-doc@FreeBSD.ORG
Subject:   Would you like to add...
Message-ID:  <199810192259.RAA19704@aurora.sol.net>

Ken is right, this is a good contribution to the handbook, or maybe a more
advanced users guide of some sort.

If you would like me to write it in slightly less terse language, I don't
have an objection to doing so, plus I can provide some pointers to other 
code/patches that I have available.

Message-ID: <360B9A16.703A3FDA@us.endress.com>
Date: Fri, 25 Sep 1998 08:26:46 -0500
From: Kenneth Furge <kenneth.furge@us.endress.com>
X-Mailer: Mozilla 4.05 [en] (Win95; I)
MIME-Version: 1.0
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: Dual/Quad NICs
References: <slrn70ev5a.311.dw@zazu.nowhere.dk> <slrn70fl0v.mht.dw@mufasa.nowhere.dk> <yfgvhmfmg5b.fsf@time.cdrom.com> <6ub472$k3i$1@apakabar.cc.columbia.edu> <6udost$nsi@newsops.execpc.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
NNTP-Posting-Host: 198.133.30.20
X-Trace: 25 Sep 1998 13:26:49 GMT, 198.133.30.20
Organization: IBM.NET
Lines: 137
X-Notice: Items posted that violate the IBM.NET Acceptable Use Policy
X-Notice: should be reported to postmaster@ibm.net
X-Complaints-To: postmaster@ibm.net
Path: daily-bugle.newsops.execpc.com!newsops.execpc.com!newstank.sol.net!newspeer.sol.net!news.execpc.com!newsengine.sol.net!feed1.news.rcn.net!rcn!cpk-news-hub1.bbnplanet.com!news.bbnplanet.com!newsfeed.internetmci.com!165.87.194.242!newsm2.ibm.net!ibm.net!news3.ibm.net!198.133.30.20

If it's not there already, this one belongs in the handbook.

- K.C.

[ printing now for future reference... ]

Joe Greco wrote:
> 
> In comp.unix.bsd.freebsd.misc article <6ub472$k3i$1@apakabar.cc.columbia.edu>, wpaul@ctr.columbia.edu (Bill Paul) wrote:
> :The trick is to have the second interface take over for the first without
> :any traffic interruption. This sort of implies letting the second interface
> :adopt the first interface's IP address; this is the only way you can keep
> :existing connections alive.
> 
> ERROR, ERROR  ;-)
> 
> This is NOT the only way to keep existing connections alive.  As a matter
> of fact, it's exactly the wrong way to try to keep existing connections
> alive.  As a matter of fact, I'm sorta sure that the IP stack tends to
> associate a particular _interface_ with a given connection, since I've
> never been able to get transitioning of an IP address between multiple
> interfaces to work OK.
> 
> Take advantage of what the kernel does give you, and turn on packet
> forwarding.
> 
> Create yourself a kernel with more than one instance of the loopback
> interface.  Now, ifconfig "lo1" as the destination address that you
> wish to use.
> 
> Configure {ed,de,xx}0 with an arbitrary IP address on a valid network
> and {ed,de,xx}1 on a different network.  I will give a _working_ example
> in a minute.
> 
> Now, run your service.  If you intend to establish outbound connections,
> and your code does not support specific-interface binding (Squid and
> Apache do, some other things don't), you may wish to alter the source
> code a bit to change INADDR_ANY bindings to point to a specific address.
> I can provide working examples for bind4, ntp4, sendmail8, etc.
> 
> Now, you have bound your service to an interface that _cannot_ physically
> fail, and has a constant IP address.  Now you merely need to get your
> network to forward you the traffic.  Use OSPF.
> 
> My Squid server is a classic but simple example of this type of strategy.
> It is connected via direct crossover Ethernet links to two of my core
> routers, and the network configuration looks like this for the de's:
> 
> de0: flags=c863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,LINK2,MULTICAST> mtu 1500
>         inet 206.55.68.230 netmask 0xfffffffc broadcast 206.55.68.231
> de1: flags=c863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,LINK2,MULTICAST> mtu 1500
>         inet 206.55.69.10 netmask 0xfffffffc broadcast 206.55.69.11
> 
> These links correspond to 206.55.68.229 and 206.55.69.9, interfaces on my
> core routers.
> 
> I then configure lo1:
> 
> lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
>         inet 206.55.64.121 netmask 0xffffffff
>         inet 206.55.64.84 netmask 0xffffffff
>         inet 206.55.64.88 netmask 0xffffffff
> 
> The first one is the address associated with the machine's primary
> hostname, and the second two are "virtual service" addresses.  This
> allows me to move services between machines simply by re-ifconfig'ing
> an interface or two.
> 
> Now the trick is to export routes with gated.  The following is roughly
> approximate, but may not work verbatim due to the fact that I am
> butchering some stuff out on the fly:
> 
> interfaces {
>         interface de passive ;
> } ;
> 
> %include "/etc/gated.routerid"
> 
> rip no ;
> 
> hello no ;
> 
> ospf yes {
>         defaults {
>                         preference 150 ;
>                 } ;
> 
>         traceoptions all ;
> 
>         monauthkey "yeahright" ;
>         (ospf_area-or-backbone) {
>                 authtype whatever ;
>                 interface de cost 10416 {
>                         priority 2 ;
>                         authkey "likeillgivethatout" ;
>                         retransmitinterval 5 ;
>                         transitdelay 1 ;
>                         hellointerval 10 ;
>                         routerdeadinterval 40 ;
>                 } ;
>                 stubhosts {
>                         206.55.64.121 cost 1024 ;
>                 } ;
>                 stubhosts {
>                         206.55.64.84 cost 1024 ;
>                 } ;
>                 stubhosts {
>                         206.55.64.88 cost 1024 ;
>                 } ;
>         } ;
> };
> 
> export proto ospfase type 1 {
>         proto direct {
>                 ALL
>                         metric 1 ;
>         } ;
>         proto static {
>                 ALL
>                         metric 999 ;
>         } ;
> };
> 
> So this announces routes into my OSPF routing architecture to bring in
> those addresses, which will come in _via_either_ethernet_ regardless of
> reachability.  This isn't necessarily the most ideal way.  I'm not a
> gated rocket-boy.  But it does work.  (And if any gated rocket-boys want
> to tell me how to do this correctly, please do).  You can also do some
> load balancing via careful costing of routes.
> 
> I can actually sit there on the Squid server and alternately "down" de0
> and de1, and aside from a few seconds of route recomputation, there is
> virtually no disruption of traffic - or my login session.
> 
> It works.
> 
> ... JG

... Joe

-------------------------------------------------------------------------------
Joe Greco - Systems Administrator			      jgreco@ns.sol.net
Solaria Public Access UNIX - Milwaukee, WI			   414/342-4847
