[Linux-cluster] heartbeat
Kaloyan Kovachev
kkovachev at varna.net
Tue Feb 2 10:18:18 UTC 2010
On Tue, 02 Feb 2010 07:47:42 +0000, yvette hirth wrote
> Dirk H. Schulz wrote:
>
> > What I do not understand at the moment: If you can afford to restrict
> > one of every blade's two interfaces to cluster communication, why don't
> > you put them into a VLAN (the real interfaces, not virtual ones) and see
> > to it that the VLAN has not connection to any outside network?
> > Then the engineers would have no means of flooding your cluster
> > communication subnet.
>
> yes, like an old dell 5124 24-port gigE switch. i have about a bunch of
> them laying around, and you can find them for cheap on ebay (like $100
> or so). connect each port on the switch to one nic per blade.
>
> make sure your hosts files on all blades list all blades so as to avoid
> dns (i'm sure it does if your cluster is working properly). you can
> block and log dns->out on your iptables and that way any unknown hosts
> will show up pronto.
>
i would add when you separate the internal/comunication network, in host files
to list node1.internal, node2.internal pointing to the node IP in that
separated network and use those names in cluster.conf in order to move the
multicast there
> just don't connect it to your firewall or any other internal network and
> that'll work fine for a heartbeat-only subnet. i used something like
> this on a colo-hosted site for high-security sql-only (no outside)
> access and it worked fab.
>
> yvette hirth
>
> --
> Linux-cluster mailing list
> Linux-cluster at redhat.com
> https://www.redhat.com/mailman/listinfo/linux-cluster
More information about the Linux-cluster
mailing list