[LARTC] Configuring a redundant ethernet connection

[LARTC] Configuring a redundant ethernet connection

[Doug Kingston]

I am interested in setting up a host with dual ethernet connections to the same 
IP subnet (but different switches) for redundancy.  We need reasonably 
transparent failover if an interface fails.  In studying the existing HOWTO 
documents and other stuff produced by Google, it looks like the configuration in 
section 4.2 of the HOWTO (Routing for multiple uplinks/providers) comes close to 
setting up what we need, but there are some issues:
1. As implemented, traffic is segrated by destination and transparent failover 
is not possible.  If an interface fails, connections would need to be 
re-established.
2. Traffic is sourced with an interface specific address.
3. Incoming traffic would be bound to one or the other and at best would need to 
rely on something like DNS round robin at connection setup time - not ideal.

Though I have not tried this yet, it looks like one might be able to setup a 
dummy interface with a third IP address on the same subnet, and then proxy arp 
for that address from either of the real interfaces.  This virtual address is 
the one you would advertise via DNS as the machine's "primary" address, and this 
address would be used as the Source address on all outgoing packets.

Has anyone attempted to set up a redundant interface in this manner or something 
similar?  How would I arrange for the proxy arping that would be necessary to 
get traffic for the virtual interface delivered to the real one?  Is there a 
better way?

If I get this working - I will write up the HOWTO...

-Doug-

-- 

Douglas Kingston
Director
Global Unix Engineering Manager

Deutsche Bank AG London
6 Bishopsgate
London EC2N 4DA

Work:	+44-20-7545-3907
Mobile:	+44-7767-616-028

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Configuring a redundant ethernet connection

[Martin A. Brown]

Doug,

 : I am interested in setting up a host with dual ethernet connections to
 : the same IP subnet (but different switches) for redundancy.  We need
 : reasonably transparent failover if an interface fails.

Linux supports channel bonding which should do what you want.  There is
little documentation outside the kernel for this, but what documentation
exists is very good.  This can be found in a linux source tree in the
following file:

  Documentation/networking/bonding.txt

 : In studying the existing HOWTO documents and other stuff produced by
 : Google.... it looks like the configuration in section 4.2 of the HOWTO
 : (Routing for multiple uplinks/providers) comes close to setting up what
 : we need, but there are some issues:

I really don't think this is what you wish to do.

 : 1. As implemented, traffic is segrated by destination and transparent
 : failover is not possible.  If an interface fails, connections would
 : need to be re-established.

  - not true if you are using a multipath [default] route on the router;
    true otherwise

 : 2. Traffic is sourced with an interface specific address.

  - true; this is probably a show stopper for you if your host runs
    services or masquerades.  If neither, then you don't need to care.

 : 3. Incoming traffic would be bound to one or the other and at best
 : would need to rely on something like DNS round robin at connection
 : setup time - not ideal.

  - distinctly the opposite of ideal; a pain in the proverb

 : Though I have not tried this yet, it looks like one might be able to
 : setup a dummy interface with a third IP address on the same subnet, and
 : then proxy arp for that address from either of the real interfaces.
 : This virtual address is the one you would advertise via DNS as the
 : machine's "primary" address, and this address would be used as the
 : Source address on all outgoing packets.

You could do that, but you are getting dangerously to reinventing the
wheel known as VRRP.  I'd suggest checking out both the reference
implementation of vrrpd (under linux) [1] and keepalived [2].  Although
probably less applicable to your situation, you may also want to visit the
linux high availability site [3] and the linux virtual server site [4].

 : Has anyone attempted to set up a redundant interface in this manner or
 : something similar?  How would I arrange for the proxy arping that would
 : be necessary to get traffic for the virtual interface delivered to the
 : real one?  Is there a better way?

Given your description, I'm inclined to suggest bonding as your first
alternative choice.

Good luck,

-Martin

  [1]  http://w3.arobas.net/~jetienne/vrrpd/
  [2]  http://www.keepalived.org/
  [3]  http://linux-ha.org/
  [4]  http://www.linuxvirtualserver.org/

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Configuring a redundant ethernet connection

[Jose Luis Domingo Lopez]

On Wednesday, 22 January 2003, at 10:07:32 -0600,
Martin A. Brown wrote:

>  : I am interested in setting up a host with dual ethernet connections to
>  : the same IP subnet (but different switches) for redundancy.  We need
>  : reasonably transparent failover if an interface fails.
> 
> Linux supports channel bonding which should do what you want.  There is
> little documentation outside the kernel for this, but what documentation
> exists is very good.  This can be found in a linux source tree in the
> following file:
> 
As far as I know ethernet bonding (trunking) is a layer-2 point-to-point 
thing. So you need compatible bonding implementations at both sides, and
every cable in the trunk on each end must go to the same box.

The original poster said "dual ethernet connections to the same IP
subnet (but different switches)", so I'm afraid bonding is not an option.

Regards,

-- 
Jose Luis Domingo Lopez
Linux Registered User #189436     Debian Linux Sid (Linux 2.4.20-xfs)
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Configuring a redundant ethernet connection

[Doug Kingston]

It turns out that the bonding driver does indeed handle interface 
redundancy to two separate switches.   Martin was right and the kernel 
documentation file (networking/bonding.txt) is packed full of useful 
information.  The specific section that deals with what I need is under 
the heading "High Availability", option 2 "HA on two or more switches 
(or a single switch without trunking support)".  It uses link status to 
determine that the interface is alive and uses one and only one at a 
given time.

bonding.txt is well worth a good read.

-Doug-

Jose Luis Domingo Lopez wrote:

>On Wednesday, 22 January 2003, at 10:07:32 -0600,
>Martin A. Brown wrote:
>
>  
>
>> : I am interested in setting up a host with dual ethernet connections to
>> : the same IP subnet (but different switches) for redundancy.  We need
>> : reasonably transparent failover if an interface fails.
>>
>>Linux supports channel bonding which should do what you want.  There is
>>little documentation outside the kernel for this, but what documentation
>>exists is very good.  This can be found in a linux source tree in the
>>following file:
>>
>>    
>>
>As far as I know ethernet bonding (trunking) is a layer-2 point-to-point 
>thing. So you need compatible bonding implementations at both sides, and
>every cable in the trunk on each end must go to the same box.
>
>The original poster said "dual ethernet connections to the same IP
>subnet (but different switches)", so I'm afraid bonding is not an option.
>
>Regards,
>
>  
>

-- 

Douglas Kingston
Director
Global Unix Engineering Manager

Deutsche Bank AG London
6 Bishopsgate
London EC2N 4DA

Work:	+44-20-7545-3907
Mobile:	+44-7767-616-028


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Configuring a redundant ethernet connection

[Jose Luis Domingo Lopez]

On Thursday, 23 January 2003, at 09:13:10 +0000,
Doug Kingston wrote:

> It turns out that the bonding driver does indeed handle interface 
> redundancy to two separate switches.   Martin was right and the kernel 
> documentation file (networking/bonding.txt) is packed full of useful 
>
All I have to say is that you are obviously right, and I hope nobody on
this list was "fooled" by my post. Next time I'll try to be more
precise, sorry for the inconvenience :-(

-- 
Jose Luis Domingo Lopez
Linux Registered User #189436     Debian Linux Sid (Linux 2.4.20-xfs)
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/