Re: duplicate ip due to ip faking

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: duplicate ip due to ip faking
From: Chris <chris@xxxxxx>
Date: Tue, 10 Jul 2001 13:18:42 +0200
Hi,

Sorry, I've forgotten the script :-(

--
Chris

Chris wrote:
> 
> Hi,
> 
> I ran into the same problems some time ago, so I wrote a little script,
> which tests
> the server first with a port connect (port 22 / ssh), but when the
> connect fails, or the script
> guesses it has already taken the IP, it uses arping to check if the IP
> is alive.
> The -D switch of arping is very useful in that case :-)
> 
> OK, now backup releases the IP from the director, but there are still
> some arp-caches which use the entry
> from the backup.
> So I added the following lines to the end of the ip_stop function of IPaddr:
> 
> ETH=`${FINDIF} ${FULLIP} | cut -f1`
>
> # arping -D exits non-zero when another host answers for the IP
> if ! ${ARPING} -D ${BASEIP} -I ${ETH} -c 1 -w 1 -q ; then
>
>   # take the MAC of the host that answered from the "Unicast reply" line
>   MACADDR=`${ARPING} -D ${BASEIP} -I ${ETH} -w 1 -c 1 | grep Unicast | cut -d "[" -f 2- | cut -d "]" -f1`
>   for j in 1 2 3 4
>   do
>    $SENDARP ${ETH} ${BASEIP} ${MACADDR} ${BASEIP} ffffffffffff
>    sleep 1
>   done
>
> fi
> 
> Now the backup broadcasts the mac-address from the master into the
> network.
> 
> The paths of findif, arping and sendarp must also be added to IPaddr.
> 
> --
> Chris
> 
> Miri Groentman wrote:
> >
> > In "High Availability"
> > (<http://www.linuxvirtualserver.org/HighAvailability.html>) it is mentioned
> > that the backup server activates Fake and fakes the server's ip, and when
> > the server (LinuxDirector) is up again, it releases the ip it was faking. My
> > question is: Can there be a situation in which both LinuxDirector and the
> > backup have the same ip address at a given moment? (examples of such a
> > situation: A. In case a crucial daemon on LinuxDirector is down, but the
> > LinuxDirector itself is up and can respond to ARP. In such a case the backup
> > might take over, faking LinuxDirector's ip because of the crucial daemon
> > that's down. Both LinuxDirector and the backup might respond to an ARP
> > with the same ip address.
> > B. In case the LinuxDirector has recovered after a crash, and it is up
> > again, but the backup hasn't learned about it yet, again, both LinuxDirector
> > and the backup have the same ip. What happens to a packet directed at the
> > LinuxDirector arriving at such time? )
> >
> > Case b:
> >                 LinuxDirector                   backup
> >                         |                       |
> >                         |                       |
> >         down    --      |                       |
> >                         |                       |
> >                         |                       |--fakes ip
> >                         |                       |
> >                         |                       |
> >         up again --     |                       |       |
> >                         |                       |       | <--- what happens here?
> >                         |                       |       |
> >                         |                       |-- learn that LinuxDirector is up and stop faking
> >
> > thanks
> > -Mrii
> >
> >
> >
> >
> > _______________________________________________
> > LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> > Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> > or go to http://www.in-addr.de/mailman/listinfo/lvs-users
> 
#!/bin/bash2
#
# A small script which tests a given IP.
# The format can be xxx.xxx.xxx.xxx or xxx.xxx.xxx.xxx/mm
# (mm is the netmask in hex)
#
BIN_DIR="/etc/ha.d/rsource.d/"

ETH=`${BIN_DIR}findif $1 | cut -f1`
IP=`echo $1 | cut -d "/" -f1`

# do I already have this IP?
# (the flag file is named after the bare IP, without the /mm suffix)

if test ! -f /var/tmp/have${IP} ; then

        # test if the ssh port is open
        if ! ${BIN_DIR}nc -w 3 -z ${IP} 22 ; then

                # arping -D succeeds only when nobody answers for the IP
                if ${BIN_DIR}arping -D ${IP} -I ${ETH} -c1 -w1 -q ; then
                        ${BIN_DIR}IPaddr $1 start
                        touch /var/tmp/have${IP}
                fi
        fi

# is the server really down?
elif ! ${BIN_DIR}arping -D ${IP} -I ${ETH} -c1 -q ; then

        # no, the server is up, so remove the test file and stop the local interface
        rm /var/tmp/have${IP}
        ${BIN_DIR}IPaddr $1 stop

else
        # the server is down, so start the interface
        ${BIN_DIR}IPaddr ${IP} start

fi
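
Added example, not part of the thread or of Chris's script: case B above is the window in which both the director and the backup answer ARP for the same address, and the sketch below reads arping output and reports whether zero, one or several MAC addresses answered. The function names and the sample output (documentation IP and MAC values) are constructed, and the reply-line format is assumed to be the "Unicast reply from <ip> [<mac>]" line that the quoted snippet greps for.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes reply lines of the form
#   Unicast reply from <ip> [<mac>]  <time>
# which is the line the quoted snippet greps for.

# reply_macs IP: read arping output on stdin, print each distinct MAC
# (lower-cased, one per line) that answered for IP.
reply_macs() {
    awk -v ip="$1" '
        ($1 == "Unicast" || $1 == "Broadcast") && $2 == "reply" && $4 == ip {
            mac = tolower($5)
            gsub(/\[|\]/, "", mac)
            if (!(mac in seen)) { seen[mac] = 1; print mac }
        }'
}

# arp_state IP: read arping output on stdin and classify the address:
#   free      nobody answered
#   single    exactly one MAC answers
#   duplicate several MACs answer, i.e. director and backup both hold it
arp_state() {
    count=$(reply_macs "$1" | wc -l | tr -d ' ')
    case "$count" in
        0) echo free ;;
        1) echo single ;;
        *) echo duplicate ;;
    esac
}

# Constructed sample: two probes sent during the overlap window of case B;
# 192.0.2.110 and the 00:00:5E:00:53:xx MACs are documentation values.
sample_overlap() {
    cat <<'EOF'
ARPING 192.0.2.110 from 0.0.0.0 eth0
Unicast reply from 192.0.2.110 [00:00:5E:00:53:01]  0.712ms
Unicast reply from 192.0.2.110 [00:00:5E:00:53:02]  0.954ms
Unicast reply from 192.0.2.110 [00:00:5E:00:53:01]  0.698ms
Sent 2 probes (2 broadcast(s))
Received 3 response(s)
EOF
}

echo "MACs answering for 192.0.2.110:"
sample_overlap | reply_macs 192.0.2.110
echo "state: $(sample_overlap | arp_state 192.0.2.110)"
```

Run from a third host on the same segment, a "duplicate" result is the condition the gratuitous ARP loop in ip_stop is meant to clear.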
