[ale] failover planning

Bob Toxen bob at verysecurelinux.com
Mon Nov 29 21:23:59 EST 2004


On Mon, Nov 29, 2004 at 08:56:03PM -0500, Stephan Uphoff wrote:
> On Mon, 2004-11-29 at 20:34, Christopher Fowler wrote:
> > I've tried this before with simple configuration of two nics simply
> > using ifconfig.  But I was never convinced that packets destined for 2.5
> > were not scooped up by the first nic on 2.4

> When I transitioned from cable to dsl I had such a setup.
> The problem was that BOTH nics would reply to broadcast ARP requests
> for either of the IPs with their own Ethernet address.
> This caused packets to arrive at the wrong interface where they were
> blocked by a firewall. (This was an old hacked up 2.2.16? kernel)

This is incorrect behavior.  This should not even have happened on a
correctly built 2.2.16 system.

Bob


> > On Mon, 2004-11-29 at 20:27, Bob Toxen wrote:
> > > On Mon, Nov 29, 2004 at 07:49:43PM -0500, Christopher Fowler wrote:
> > > > Speaking of failover is it possible to install 2 NICS in Linux and put
> > > > them on the same subnet.  I.E. eth0 = 192.168.1.4 and eth1 = 192.168.1.5
> > > > then place those NICS under load balancing.  In this case both will have
> > > > the same DNS and same gateway.  All load balancing setups I've seen load
> > > > balance between multiple Internet connections.
> > > Sure.  No problem.  Of course, this is needed only if your total bandwidth
> > > requirements exceed that of a single NIC (either 100 Mbps duplex or 1 Gbps).

> > > Bob Toxen
> > > bob at verysecurelinux.com               [Please use for email to me]
> > > http://www.verysecurelinux.com        [Network&Linux/Unix security consulting]
> > > http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
> > > Quality Linux & UNIX security and SysAdmin & software consulting since 1990.

> > > "Microsoft: Unsafe at any clock speed!"
> > >    -- Bob Toxen 10/03/2002


> > > > On Mon, 2004-11-29 at 19:40, Greg Freemyer wrote:
> > > > > On Mon, 29 Nov 2004 09:51:34 -0500, James P. Kinney III
> > > > > <jkinney at localnetsolutions.com> wrote:
> > > > > > I am looking at setting up a small non-local redundant webserver. The
> > > > > > > net access for each node is through different ISPs so each node has
> > > > > > > different IPs. In fact, there is nothing in common between the two
> > > > > > different networks. They have no common router.

> > > > > > > The main site is served by a T1 line that is susceptible to an outage
> > > > > > > caused by falling trees. I would like to make the outage as short as
> > > > > > > possible by making the backup site live as fast as possible. Right now,
> > > > > > > other than editing the DNS listing and waiting for the change to
> > > > > > > propagate, I have no other way to do this.

> > > > > > Any suggestions?
> > > > > > --
> > > > > > James P. Kinney III          \Changing the mobile computing world/

> > > > > If nothing else, you could try round-robin DNS.

> > > > > > That way roughly half of your DNS queries will go to each IP.

> > > > > Then set your client TTL low so your users are requesting a new DNS
> > > > > entry fairly often.

> > > > > > If one of your sites fails, there is a 50% chance your users will go
> > > > > > to the other site with their next DNS request.  (i.e., if you have M$
> > > > > > users, they do a DNS request at least once per reboot.)

> > > > > Greg


