High-Availability IPs

Discussion in 'Networking & Security' started by TeeJayHoward, Sep 4, 2018.

  1. TeeJayHoward

    TeeJayHoward Limpness Supreme

    Messages:
    9,326
    Joined:
    Feb 8, 2005
    Can someone explain this to me like I'm five? Our work configuration has me scratching my head. We've got two servers, both with the exact same IP. It's what we call our "HA IP", and as I understand it, the primary server uses it, and the secondary ignores it.

    How is this not a duplicate IP violation? I mean, if an ARP request is sent out, shouldn't both servers respond and eff up a routing table? Is there something in the IP stack in the OS that just "shuts off" the interface unless a heartbeat fails?
     
  2. ComputerBox34

    ComputerBox34 Right in the Box

    Messages:
    12,371
    Joined:
    Nov 12, 2003
    In traditional HSRP or VRRP each box has its own unique IP in the same L2 subnet with a VIP (virtual IP) shared between both of them. Using multicast and broadcast, they elect a leader and the VIP simply points to the IP of the box that is elected and fails over to the other IP if the first box disappears.

    It's possible you are not seeing all of the settings that contain info about the IPs of the individual boxes. If not, they must be using some sort of protocol that relies solely on L2 to figure out which box should assume the IP. Can you tell what protocol they are using?
     
  3. Cmustang87

    Cmustang87 [H]ardness Supreme

    Messages:
    4,297
    Joined:
    Oct 4, 2007
    It's also important to note that since in a lot of HA configurations a VIP is used, the MAC address this VIP uses is also a virtual MAC both machines use. In the event of a failure, the VIP and the virtual MAC address are still available.
     
  4. Dead Parrot

    Dead Parrot 2[H]4U

    Messages:
    2,153
    Joined:
    Mar 4, 2013
    Do the servers just have one NIC or two or more? If two+, could be the Public IP NIC is kept dormant by the standby server and the sync data is done via the second NIC. Can also assign multiple IPs to a single NIC, where the 'HA IP' is kept dormant until needed by the standby server and the data sync is done over the secondary IP. Lot of ways to do HA.
     
  5. scobar

    scobar .

    Messages:
    34,224
    Joined:
    Jan 2, 2001
    Need to know more details about said server and infrastructure, but on the surface I say what you are describing is not possible.
     
  6. Eickst

    Eickst [H]ard|Gawd

    Messages:
    1,764
    Joined:
    Aug 24, 2005
    It's pretty common actually. Most networking gear, load balancers, sql server clustering, on and on and etc etc use VIP's for standby/HA purposes.
     
    MrGuvernment likes this.
  7. ComputerBox34

    ComputerBox34 Right in the Box

    Messages:
    12,371
    Joined:
    Nov 12, 2003
    You are talking at a completely different level though - HSRP, VRRP, Load Balancers are all designed for this. What OP described seems to be something setup on the server/application level.
     
  8. toast0

    toast0 Gawd

    Messages:
    869
    Joined:
    Jan 26, 2010
    Depending on how this is setup, one or both of the servers are likely setup _not_ to respond to ARP requests on this IP. This is pretty easy on FreeBSD, add the IP to localhost and it won't arp it, on Linux you can do the same thing, but you also have to fiddle with sysctls http://kb.linuxvirtualserver.org/wiki/Using_arp_announce/arp_ignore_to_disable_ARP . The two servers could negotiate to see which one should respond to arp, or arping could be handled at a nearby router, or if there's a load balancer in front, it will arp, and then forward incoming packets to the selected server(s) via their individual mac addresses (this would be a 'direct server return' load balancer, response packets to the client can go directly out, without touching the load balance; which saves a lot of work on the load balancer, if your network design allows it)
     
  9. Nicklebon

    Nicklebon Gawd

    Messages:
    531
    Joined:
    May 22, 2006
    You must have read a different post because the OPs description in this thread is basic at best

     
  10. ComputerBox34

    ComputerBox34 Right in the Box

    Messages:
    12,371
    Joined:
    Nov 12, 2003
    His post to me seems to indicate that the configuration is on the server OS level, not the network infrastructure level but I be mis-assuming.
     
  11. Nicklebon

    Nicklebon Gawd

    Messages:
    531
    Joined:
    May 22, 2006
    The server OS is exactly where one might configure VRRP. I'm guessing you've never configured VRRP on Solaris before huh?
     
    MrGuvernment likes this.
  12. MrGuvernment

    MrGuvernment Stay [H]ard

    Messages:
    19,810
    Joined:
    Aug 3, 2004
    Are they running windows? Windows clustering, which in turn will use virtual IPs for HA.