AIX

Hi guys,

thanks for your help

I need to have IPs in the same subnet, because this is an hacmp (tsm) cluster, with 7 resource groups / 7 service ips, + persistent IPs


I have one IP-range that is routed (lets say the 192.168.100.x)

and I can use as many unrouted IPs as I like

that is 1.1.1.x in this case

AIX can handle more IPs in the same subnet, incoming virtual IP interface = outgoing virtual IP interface


the only problem I have is outgoing traffic behind a firewall, since hacmp load balances the service IPs over adapters
so I can never say which virtual IP resides on which adapter

as a workaround, there is a firewall rule for every service and persistent ip, but that's not what I want


@gurumeditation
I will try this, but are you sure, that the virtual ip is stored in the route, and not the interface the ip is applied on, the time you run the command?


sounds good to me, I let you know if it is possible

Edit: tried this, doesn't work, I think because the packages are not being routed to the default gateway in this case

cheers


Edit2:

I'm not the only one facing this problem, look at these articles:

http://fixunix.com/aix/487408-hacmp-...h-routing.html

http://www.aixmind.com/?p=780


seems that there is no solution to this expect of:
1. open the firewall to all addresses
2. do this on application level, and bind the outgoing traffic to an IP-address, which is not available for many apps

I start to understand. The following is untested and just an idea, try it at your own risk:

The kernel has one - and only one - routing table. This data structure is consulted sequentially and later entries are overruled by earlier ones. Therefore the host.route you want to establish should be declared as early as possible. It might help to replace all the routes you have now (which are probably defined via "chdev -l inet0 ...") by lists of route definitions using "route add ..." which are placed in /etc/rc.net. This way you could exert control over the sequence in which the routing table is built.

Another idea is to create a (non-routed) IP alias which acts as a gateway for that host route and only for this IP alias establish routing information to the network gateway. You could bind the IP alias onto any interface and this way force traffic to be dispatched via this interface.

Another thing is:

You might want to put these commands into a resource group and use start-/stop-scripts to create/remove these routing table entries.

I hope this helps.

bakunin

the non-routed IP gateway wont work

but I like the idea with the own routing table
maybe there is a way to manipulate ODM-entries, to change the routing boot-sequence
but for sure I have to test this exactly



I think the safest and best way, don't know why I didn't think about that jet:
I add an virtual adapter from vio, and thats my "firewall interface" (2 vios, sea)

away from hacmp, on both nodes, always configured
what do you think about that?

the only thing that's not so great about it: for now, this machine has nothing to do with the virtual io servers on the system, with that I will generate a dependency

If your system is AIX5.3 or 6.1 you can use
check parameter mpr_policy

Code:

no -o mpr_policy

I think for you is better 5, do

Code:

no -o mpr_policy=5

sorry if can be a problem with HACMP, I don't know your configuration.
return to default (1)

Code:

no -o mpr_policy=1

of course you right. "no" no "on"

btw. you mean no and not on
but thank you for this, so I've discovered the on command, which sounds interesting to me ^^

with mode 5, the man page of route says I can generate some kind of hash table, but how should it look like, and where should it be, a flat file?

It always can do, it's ony show:

Code:

no -o mpr_policy

maybe, your system set mpr_policy 5?
If you have free lpars you can test it.