Setting up 2 physical redundant servers

Bob Chiodini rchiodin at bellsouth.net
Thu Mar 10 16:43:52 UTC 2005


On Thu, 2005-03-10 at 09:25 -0600, rado wrote:
> 
> > Bob Chiodini wrote this in another thread.
> > 
> > I don't know how the Zoom modem handles the port forwarding, that is,
> > whether it relies strictly on learned MAC address or IP, and how long is
> > its ARP cache timeout.  We use a combination of shell scripts, ping and
> > ifconfig with IP address aliasing for redundant MRTG machines.
> > 
> > You might look into some of the High Availability (HA) techniques for
> > linux.  That is, if you are looking for redundancy and not load sharing.
> > Load sharing through port forwarding (virtual servers) might get a
> > little complicated and would probably be best served with a second DSL
> > line and dedicated address.  Then let DNS handle it.
> > 
> > Bob...
> Thx for this Bob,
> 
> Before I start, just wanna tell you that I am really gringo, I know
> enough about this to get me in trouble...next to nothing. But I want to
> do this just to do this. The questions I might ask might seem very
> elementary because of my ignorance.
> 
> Ok, I do want to make the machines redundant so load sharing is not an
> issue here. Sure I would like to learn bout it but whoa...not now.
> 
> this zoom router: The Virtual Server Config has in it the following:
> ID      Public Port  Private Port   TCP/UDP   Private Address
> 1           53           53           TCP       10.0.0.10
> 2           80           80           TCP       10.0.0.10 
> 3           25           25           TCP       10.0.0.10 
> 4           21           21           TCP       10.0.0.10 
> 5           20           20           TCP       10.0.0.10 
> 6           53           53           UDP       10.0.0.10
> 
> this was what was in it that I had entered a long time ago.
> yesterday I just added the following:
> 
> 1           53           53           TCP       10.0.0.12
> 2           80           80           TCP       10.0.0.12 
> 3           25           25           TCP       10.0.0.12 
> 4           21           21           TCP       10.0.0.12 
> 5           20           20           TCP       10.0.0.12 
> 6           53           53           UDP       10.0.0.12
> 
> sure, I am able to send and receive mail now also in 10.0.0.12 among other
> things really but don't you agree that this is wrong?
> 
> I really think that when this modem receives a hit for
> 209.205.179.141:80 let's say, there should only be one private ip w/port
> 80 listed. Is this correct thinking on handling this considering what
> my simple setup will consist of?
> 
> the equipment relevant:
> Both boxes have 2 128G Hds... rbmain1 fc2, HDs not raided yet.
>                               rbmain2 fc3, HDs are raided.
> 
> I need direction...step by step to accomplish the redundancy etc.
> lol first step is to learn all the new terms that bob stated above.
> 
> thx
> John Rose

John,

HA info:

        http://www.linux-ha.org/
        
You might want to look into this before trying to roll your own.
        
What I did:
        
I am at the Kennedy Space Center, and what we did was a somewhat dumbed
down version of HA and heartbeat.

I have two machines, essentially web servers for MRTG.  Each machine has
two ethernet interfaces.  The eth0 interfaces are connected to a common
switch, the eth1 interfaces are connected together via a crossover
cable.  

At any given time, only one machine is active.  It remains active as
long as it can ping the upstream router.  If it fails to ping the
upstream router (tries every 10 seconds) it will send a command via rsh
or ssh thru the dedicated link to the slave telling him to become the
master.  Both machines also ping each other via eth0 and eth1 and if the
slave determines that the master is not responding (loses both paths) it
will automatically assume the master's role.

All interfaces have unique IP addresses.  The eth0 interfaces are
visible to the world, but the eth1 interfaces are only visible to each
other.  The eth1 channel is used to issue remote commands between the
two boxes.  The master will also have an aliased IP address on eth0 that
is DNS registered and used by the rest of the world to access the server
(that was the key!).  When a switch-over occurs, that aliased address is
removed from the master and added to the slave.  This is where ARP
caching becomes a problem.  We have Cisco routers upstream and the ARP
caches need to be cleared before traffic will pass to/from the aliased
IP address.

The router's ARP cache can be cleared with:

        ping -q -c 1 -b -I $COMMONIP $NETWORK > /dev/null 2>&1

Where $COMMONIP is the aliased IP address and $NETWORK is the network
mask.  I don't know how to do this for any other network gear (i.e. your
modem).  That was the other key!

The master-to-slave and slave-to-master decision tree is pretty
convoluted and more than likely will be different than yours.
Essentially, whichever machine can see the most (via ping) is the
master.  If both see everything, then the one designated as the master
is the master and the other is the slave.  As long as the dedicated link
is up, the one becoming the master can tell the other, via rsh, ssh,
etc.  A background script runs on each machine every 10 seconds that
does all of the pinging.

Somewhat confusing, but I hope it helps.

Bob...
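Bob's two-box scheme above (ping the upstream router, ping the partner over eth0 and eth1, move the aliased address with ifconfig, then clear the router's ARP cache with the broadcast ping), written out as an added example that is not part of the original thread or of the KSC scripts. The decision rule is a simplified reading of the behaviour Bob describes; the addresses, the eth0:0 alias, the state file and the ssh hand-off path are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): simplified ping-driven master/slave
# check in POSIX sh. Addresses, alias name, state file and ssh path are assumed.
COMMONIP="10.0.0.100"      # aliased, DNS-registered service address (assumed)
NETMASK="255.255.255.0"    # assumed
BROADCAST="10.0.0.255"     # the $NETWORK argument of Bob's ping line (assumed)
UPSTREAM="10.0.0.1"        # upstream router (assumed)
PEER_ETH0="10.0.0.12"      # partner's public-side address (from John's table)
PEER_ETH1="192.168.255.2"  # partner's end of the crossover cable (assumed)
DESIGNATED="${DESIGNATED:-yes}"                    # "yes" on the tie-winner
STATE_FILE="${STATE_FILE:-/var/run/failover.role}" # remembers current role
# One probe with a 2-second reply timeout; returns 0 when the host answered.
reachable() { ping -q -c 1 -W 2 "$1" >/dev/null 2>&1; }
# Pure decision rule (no network access), so it can be tested offline.
# Args: current role, designated (yes/no), upstream ok, peer-via-eth0 ok,
# peer-via-eth1 ok (each 1 or 0). Prints the role this box should hold now.
decide_role() {
    cur=$1 desig=$2 up=$3 p0=$4 p1=$5
    if [ "$cur" = master ]; then
        # A master only steps down when it can no longer reach the router.
        [ "$up" = 1 ] && echo master || echo slave
    elif [ "$p0" = 0 ] && [ "$p1" = 0 ]; then
        echo master    # slave lost both paths to the master: take over
    elif [ "$up$p0$p1" = 111 ] && [ "$desig" = yes ]; then
        echo master    # everything visible: the designated box is master
    else
        echo slave
    fi
}
# Bring the shared address up as an alias, then refresh the upstream
# router's ARP cache with the broadcast ping from Bob's message.
become_master() {
    ifconfig eth0:0 "$COMMONIP" netmask "$NETMASK" up
    ping -q -c 1 -b -I "$COMMONIP" "$BROADCAST" >/dev/null 2>&1
    echo master > "$STATE_FILE"
}
become_slave() { ifconfig eth0:0 down; echo slave > "$STATE_FILE"; }
# Run every 10 seconds (cron or a loop), as in Bob's setup.
check_once() {
    cur=$(cat "$STATE_FILE" 2>/dev/null || echo slave)
    reachable "$UPSTREAM"  && up=1 || up=0
    reachable "$PEER_ETH0" && p0=1 || p0=0
    reachable "$PEER_ETH1" && p1=1 || p1=0
    new=$(decide_role "$cur" "$DESIGNATED" "$up" "$p0" "$p1")
    [ "$new" = "$cur" ] && return 0
    "become_$new"
    other=slave; [ "$new" = slave ] && other=master
    ssh "$PEER_ETH1" "FAILOVER_CMD=$other /usr/local/sbin/failover.sh" || :
}
case "${FAILOVER_CMD:-}" in master) become_master;; slave) become_slave;; check) check_once;; esac
```

Both boxes run the same file with DESIGNATED set to "yes" on only one of them; the partner is told over the eth1 link, so a box that has lost that link simply keeps the role its own pings justify.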




More information about the fedora-list mailing list