LinuxQuestions.org


helptonewbie 02-12-2010 10:52 AM

Adding a route to a static Host
 
Hi All,

I'm trying to add a route to a host to force traffic out of a clustered IP address...

I.e. I have a cluster and the IP address moves from host to host on failure of a resource. The IP address is just a simple alias of an interface, so for example... bond0:0 192.168.1.1 and bond0 192.168.1.10

What I want to do is force a program that starts up on the cluster hosts which sends packets out to a listening server to only send out of the cluster ip address.

I did a route add -host 172.22.2.2 gw 192.168.1.1
But this doesn't seem to work: if I try to send a ping, the packets still go out the wrong address, and over and above that, for some reason the ping doesn't work at all. If I remove the route the ping will work again.

Any hints much appreciated.

Cheers,
M

PS - Ubuntu Hardy, and can you do this kind of thing for local interfaces... I'm sure I've done this before?

meetscott 02-12-2010 11:13 PM

I almost hate to reply to you because I don't want to ruin your Zero Reply thread, but routing is just that. You may already know this from your experimentation, but I'll explain just in case.

I send a letter from city A to city B. Sometimes it goes through city C. Sometimes city D. City C and D are different routes to the same destination but the letter still originates from City A and arrives in City B. That's routing. Routing tells you how to get there, not where it came from. Where it came from and where it is going is in the Internet Protocol headers.

Here are a few ideas you can look at:
1. Set up NAT, or Network Address Translation. You can use IP Packet Forwarding for this on the cluster box.
2. You could tunnel your commands through ssh like this:
Code:

ssh cluster "ping destination_hostname"
3. Set up iptables with redirect rules, probably in conjunction with the #1. iptables can be challenging to use without some tools to help you. I do it, but I'm not going to say I like it, it's a pain.
4. Use httpd and its proxy configuration to bounce your requests off the web server which resides on the cluster box.
5. Use a proxy server like squid on the cluster box and push your requests through that.

I'm sure there are ideas others can provide. I'd look at #1 first. Set up the cluster box as a router with NAT and IP Packet Forwarding. Use iptables only when necessary for your special needs. It sounds like you are looking for a NAT enabled Gateway Router. Linux does really well with this. Some distros are tailored for routing. Slackware has what you need built in but other router oriented distros are easier to set up.

I hope this helps. I'm thinking I don't fully understand what you are actually doing.

helptonewbie 02-13-2010 01:40 PM

Thanks, nice reply. I've got some great knowledge of IP tables and have written a few custom firewalls in my time (I've got to grips with ye olde iptables commands) so this is certainly one method.

I understand what you're saying about sending the letter, however I was hoping by adding a static route and saying send the message from this gateway, that it should work. However the route is actually meaning send the letter from this host to that gateway which is also on this host, and that is probably where the problem lies.

That is a shame; a nice little route command, I was hoping, would have solved this problem for me.

Basically the clustered server has an application on it that will send some data to another server (call it: serverstatic) when it's started, and being in a cluster I want it to look as though it's always coming from the same machine. The problem is that when the app first starts, because it's not sending the data to the serverstatic machine from the clustered IP address, if the cluster fails over to the other machine then when it sends the data to the serverstatic machine, it's unrecognised because it's then coming from a different machine. Whereas if set up how I want it to be, the data will be sent out through the clustered IP address and thus serverstatic would be none the wiser.

I hope that makes things a bit clearer. Certainly IPtables is one idea!
Cheers,
M

meetscott 02-13-2010 09:24 PM

So my take away from this is that a NAT enabled Gateway Router is not enough. Because the router would (or could) round-robin new requests to a different backend server, but the response would always end up coming from the machine that first serviced the request.

Diving a little deeper. Is this a Java App Server? If it is, there are facilities that can really help with clusters in Glassfish, for example. If it is a different application environment, I'm not sure I can help much.

One other thing to think about though... With Apache Httpd you can set up a proxy to another machine. The back end application can run on a different system, requests could just be proxied off to those instances. Perhaps there is a way to set up that proxy mechanism to work the way you are describing? I do this for Java, for example, serving up files that end in .jsp would be proxied off to a Tomcat instance on the back end someplace but the requests always still go through the same Httpd server. JSPs appear to be serviced seamlessly through Httpd.

I can give you my set up for that (although I don't use it anymore) if you are interested in using the proxy features of Httpd.

helptonewbie 02-14-2010 04:13 PM

Thanks for the reply. No, it's not a Java app. The thing is that sometimes it's the server that makes calls to the client machine. And that's the reason I need to get this working on the cluster IP address. So the server only calls the client that is Live at the time.

I've also tried this command... which works to a certain extent.
ip route add 172.22.2.2/32 via 192.168.98.254 dev bond0:0

The annoying thing is that it doesn't set the source address as I would have expected to bond0:0 address. I've not yet tried the ip tables option, I'm going to look at that hopefully tomorrow.

Damn, I thought this was going to be easy.

meetscott 02-14-2010 08:40 PM

I'm sorry I wasn't able to provide more help, but I'm "hooked" now. Please feel free to contact me directly or post back here. I'd like to know what you come up with for a solution.

You already know what options I can provide so if any of them can help you, let me know and I'll try to point you in a proper direction.

I think this is an interesting problem. Let me know if I can help in any way.

helptonewbie 02-16-2010 04:20 PM

No Problem, thanks for your help.

I've ended up finding out that it was possible to force the client to bind to the alias IP address, so that has basically fixed the problem.

However I'm still surprised that this is quite difficult to solve, I'd have thought it's a common problem trying to do what I was looking at before I knew the client could bind to specific address.

Never mind in any case and thanks very much for helping!
Regards,
M
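
The fix the thread ends on, binding the client socket to a chosen local address before connecting, shown as an added example (not code posted by either participant). It assumes a Linux host, where every 127.0.0.0/8 address is local: 127.0.0.2 is a constructed stand-in for the cluster alias and 127.0.0.1 for serverstatic.

```python
import socket
import threading


def observed_source(dest_ip, bind_ip=None):
    """Connect to a throwaway listener on dest_ip and return the source
    address that the listener sees for the connection."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.settimeout(5)           # never block forever if the connect fails
    srv.bind((dest_ip, 0))      # port 0: the kernel picks a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    seen = {}

    def accept_once():
        try:
            conn, peer = srv.accept()
        except OSError:
            return
        seen["peer"] = peer[0]  # what a source-IP allowlist would check
        conn.close()

    listener = threading.Thread(target=accept_once)
    listener.start()

    cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        if bind_ip is not None:
            # Pin the source address; port 0 leaves the source port
            # to the kernel. Without this call the kernel chooses the
            # source address from the route to the destination.
            cli.bind((bind_ip, 0))
        cli.connect((dest_ip, port))
    finally:
        cli.close()
        listener.join(timeout=6)
        srv.close()
    return seen.get("peer")


if __name__ == "__main__":
    # Constructed stand-ins: 127.0.0.1 = serverstatic, 127.0.0.2 = alias.
    print("kernel-chosen source:", observed_source("127.0.0.1"))
    print("bound source:        ", observed_source("127.0.0.1", "127.0.0.2"))
```

When an application offers no bind option, the same pinning can be done below it with the `src` hint of `ip route` or an iptables SNAT rule, both of which need root.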

