
Re: [Linux-cluster] Network Interface Binding


On 27/07/10 17:02, Steven Whitehouse wrote:
> Hi,
> On Tue, 2010-07-27 at 16:30 +0100, Mark Watts wrote:
> I have a working CentOS 5.5/RHCS cluster in order to support a simple
> GFS2 filesystem (on top of DRBD) between 2 nodes.
> Since the two nodes have multiple network interfaces, I'd like to tie
> all cluster communication to ETH2 as ETH0 is my production-facing interface.
> I understand I can partially achieve this by using a hostname mapped
> (via /etc/hosts) to the IP address of ETH2 in cluster.conf.
> This seems to work for OpenAIS; the multicast address it uses is bound
> to eth2 according to "ip maddress show dev eth2", but ccsd is still
> listening on for various ports according to netstat.
> How can I force ccsd to use ETH2?
> Regards,
> Mark.
>> Assuming that you have different subnets on the interfaces, setting the
>> routing table correctly should be enough. Just be careful that any names
>> which are being resolved point to the correct ip addresses.
>> If you don't have a different subnet, you can still do it if you mark
>> the traffic with iptables and route according to the mark.
>> You may need multiple routing tables (again depending on the exact
>> configuration) and a couple of routing rules to ensure that replies are
>> always sent out of the same interfaces on which the queries came in.
>> Steve.

Well, my interfaces are set up as follows:


cluster.conf references "node1.cluster" which is in /etc/hosts as (node2.cluster follows as .2)

I have no explicit routing on the box, other than a default gateway out
on ETH3's subnet, which is different to the two I've listed.

I suppose my main issue is that I don't want to expose anything other
than TCP/80 on ETH0. Usually I'd do this as a combination of binding
services to specific IPs and doing both inbound and outbound iptables
rules for each interface. These would typically cover every service/port
that I'd use, but multicast makes this a slightly different beast.

Not having done iptables rules for multicast before, I'm a little wary
of doing something without fully understanding how something works
before I firewall it!



-- 
Mark Watts BSc RHCE MBCS
Senior Systems Engineer, IPR Secure Managed Hosting
QinetiQ - Delivering customer-focused solutions
GPG Key: http://www.linux-corner.info/mwatts.gpg
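
An added example, not part of the original message or the thread: one way to check the "nothing but TCP/80 on the production interface" goal against the netstat output mentioned above. The function name, the addresses (192.0.2.10 for production, 198.51.100.1 for the cluster interface) and the sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list sockets from `netstat -tuln` that are reachable via the
# production address, other than tcp/80. All addresses below are constructed.

# exposed_listeners PROD_IP   (reads netstat -tuln output on stdin)
# Prints "proto local-address" for every listener bound to a wildcard address
# or to PROD_IP, except tcp/80. Listeners bound to another address are skipped.
exposed_listeners() {
    awk -v prod="$1" '
        $1 !~ /^(tcp|udp)/ { next }              # banner and column header
        $1 ~ /^tcp/ && $NF != "LISTEN" { next }  # tcp: listening sockets only
        {
            port = $4; sub(/.*:/, "", port)      # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)  # text before the last colon
            sub(/^::ffff:/, "", addr)            # IPv4-mapped IPv6 form
            wild = (addr == "0.0.0.0" || addr == "::" || addr == "*")
            if (!wild && addr != prod) next      # bound to some other address
            if ($1 ~ /^tcp/ && port == "80") next  # the one permitted service
            print $1, $4
        }'
}

# Constructed sample: production address 192.0.2.10, cluster address 198.51.100.1.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address       Foreign Address     State
tcp        0      0 192.0.2.10:80       0.0.0.0:*           LISTEN
tcp        0      0 0.0.0.0:50006       0.0.0.0:*           LISTEN
tcp        0      0 198.51.100.1:21064  0.0.0.0:*           LISTEN
tcp        0      0 :::22               :::*                LISTEN
udp        0      0 0.0.0.0:50007       0.0.0.0:*
udp        0      0 198.51.100.1:5405   0.0.0.0:*
EOF
}

# Run against the sample; on a live node pipe `netstat -tuln` in instead.
sample_netstat | exposed_listeners 192.0.2.10
```

A listener bound only to the cluster address is skipped here, but binding is not a filter: by default Linux accepts a packet addressed to any of its local IPs regardless of the interface it arrives on, so per-interface iptables rules are still what enforces the policy on the production interface.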