[prev in list] [next in list] [prev in thread] [next in thread]
List: linux-ha
Subject: Re: [Linux-HA] HA-Linux and NTP
From: Alan Robertson <alanr () unix ! sh>
Date: 2005-02-23 19:16:52
Message-ID: 421CD6A4.3070001 () unix ! sh
[Download RAW message or body]
Kashif Shaikh wrote:
> It's not really a bug. If ntp is listening on all interfaces on a multihomed
> box, typically each interface is a separate network. But VIPs are 'grafted'
> onto an existing network. So when a UDP packet is recv'd, a corresponding
> UDP send will *choose* an existing physical interface. In a nutshell
> requests sent to say, eth0:1, will get replies back from eth0. We had this
> problem with NFS over UDP for HA.
A VIP is the same as any other IP. But applications which never bind to IP
addresses, always send out via the default address for the interface which
- in an HA situation - is always wrong.
> Fix #1: Modify ntp sockets to use IP_PKTINFO when recv()'ing and send()'ing
> Fix #2: (Easy fix) Run one ntp for each interface(i.e. bind each ntp
> instance to an IP).
There are plenty of applications which do this right - that is they can
bind to multiple addresses, and reply using the address they were addressed
by. Failure to do what one ought to do constitutes a bug. Particularly
for an application as generic and as widely used as xntpd.
> Fix #3: There is a way to add the VIP as a static route to the routing
> table(I forgot how to do this).
>
> Fix #4: ip firewall rules.
I think you meant to say to change the default source address for the
interface. See the IPsrcaddr resource for how to do this with heartbeat.
>
> #1 is the easiest for deployment, it's not that hard to modify the source
> since its available.
Of course, since we supply IPsrcaddr, #4 is an even easier fix - for some
applications.
--
Alan Robertson <alanr@unix.sh>
"Openness is the foundation and preservative of friendship... Let me claim
from you at all times your undisguised opinions." - William Wilberforce
_______________________________________________
Linux-HA mailing list
Linux-HA@lists.linux-ha.org
http://lists.linux-ha.org/mailman/listinfo/linux-ha
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic