LinuxQuestions.org
Old 08-07-2015, 01:35 PM   #1
msora
LQ Newbie
 
Registered: Aug 2015
Posts: 5

Rep: Reputation: Disabled
Route to different address when unavailable


Hi,

I have several services which interact (each service communicates with other ones with fixed addresses). For testing purposes I'd like to:
  • Stop the service on the target system
  • Start it on my local machine (development environment)
  • All traffic to the service should (automatically) be routed to my machine now
  • I stop the service on my local machine
  • Restart it on the "real" server
  • Traffic for this service goes to "real" machine

Is there a common solution for this issue or do I have to do it on my own?

Thanks for any answers!
 
Old 08-07-2015, 06:39 PM   #2
ferrari
LQ Guru
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 5,840

Rep: Reputation: 1148
It really depends on how the services are advertised and configured. A little more information about these services would be useful. This will help us to comment more specifically. Are we talking about CUPS, Samba shares, DNS,....?
 
Old 08-08-2015, 09:53 AM   #3
msora
LQ Newbie
 
Registered: Aug 2015
Posts: 5

Original Poster
Rep: Reputation: Disabled
The services are self-written, stateless and each one runs in a docker-container.
There are different target systems:
  1. production
  2. staging
  3. test
  4. developer

The first 3 systems consist of multiple hosts, each one runs the same services - with a load-balancer in front of it. This setup scales well and needs no additional components like service-discovery. Design-goal was to keep complexity low. The services on each host are linked with docker-mechanisms (means: they do not communicate over the external network).

My question refers to system number 4, the developer system. It consists of a single machine - a VirtualBox-VM which runs on each developer-workstation. My intention is that each developer can stop any service on the VM (stop the docker-container which contains the service) and start this service from inside his IDE for testing and debugging purposes. To achieve this, in the developer-system the docker-containers are not linked, they use the host's network instead (each service connects to <HOSTNAME_OF_VM>:<SERVICE-PORT>). The issue is that the service which has been started from inside the IDE can reach the services in the VM, but this does not work in the reverse direction: it cannot be reached from the services inside the VM, because it runs on a different host (the host is reachable of course, but the services on the VM connect to <HOSTNAME_OF_VM> and not to <HOSTNAME_OF_HOST>).
Of course, I could forget the VM and run the containers on the host machine, every service can communicate with "localhost" and everything will work fine. But the VM-based approach has several advantages:
  • Same OS-setup and -version as the "real-world"-systems
  • Runs in isolation - Keeps influences with my host-system as low as possible

Another solution would be to manually reconfigure all containers to use <HOSTNAME_OF_HOST> when communicating with the service which runs on the host. Sounds painful....

I am looking for a solution on the OS-layer which does not require any modification of the services and the corresponding docker-containers - this would break the principle that each system (production, staging, test, developer) should run the same pieces of software. I also want to avoid any changes in the overall architecture - it should stay simple (e.g. no service-discovery). It should also be easy to handle: Stop container, start service on host and everything works (without manual reconfiguration).

It should do something like that:
  • If a service on the VM tries to connect to another service and this service is not running (port closed) on the VM the request should be automatically forwarded to the host
Also a more simplified behaviour would work:
  • Any unsuccessful request to <HOSTNAME_OF_VM> will be forwarded to <HOSTNAME_OF_HOST>

So, any help is appreciated
 
Old 08-08-2015, 11:21 AM   #4
msora
LQ Newbie
 
Registered: Aug 2015
Posts: 5

Original Poster
Rep: Reputation: Disabled
Would the following be a solution?
  • Cron job that runs in VM and checks frequently (e.g. 5s-interval) if the required ports of each service are open
  • If not, run iptables and nat the ports of the not-running-service to host-machine
Of course the iptables rule has to be removed when service is restarted in VM
 
Old 08-08-2015, 12:53 PM   #5
msora
LQ Newbie
 
Registered: Aug 2015
Posts: 5

Original Poster
Rep: Reputation: Disabled
I just set up a test to check the iptables-approach.
Simple scenario:
  • VM on host 192.169.91.100 runs apache on port 80
  • Local-machine with IP: 192.169.91.1 runs apache on port 10080
I did (on VM):
Code:
root@devdocker1:~# modprobe ip_tables
root@devdocker1:~# sysctl net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
root@devdocker1:~# iptables -t nat -A PREROUTING -d 192.169.91.100 -p tcp --dport 80 -j DNAT --to-destination 192.169.91.1:10080
root@devdocker1:~# iptables -t nat -A POSTROUTING -d 192.169.91.1 -p tcp --dport 10080 -j SNAT --to-source 192.169.91.100
Forwarding works as expected when I access VM's port 80 from a different machine but not when I try to access 192.169.100:80
from inside the VM (which is local machine in this case).

Is maybe a special iptables-rule missing?
 
Old 08-08-2015, 01:20 PM   #6
msora
LQ Newbie
 
Registered: Aug 2015
Posts: 5

Original Poster
Rep: Reputation: Disabled
Ok, fixed it. An output-rule has to be defined:
Code:
iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination 192.169.91.1:10080
O.K. I think this approach could work.

But is there a better solution for the general issue?
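
The periodic check proposed in post #4 combined with the OUTPUT rule from post #6, as an added example that is not part of the original thread. The function names (`port_open`, `rule_spec`, `plan`, `sync_port`) and the script name are hypothetical, and unlike the OUTPUT rule as posted, the rule here carries `-d` so that only connections addressed to the VM are redirected.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses are the ones used in the posts.
VM_IP=192.169.91.100    # address the services in the VM connect to
HOST_IP=192.169.91.1    # workstation running the service from the IDE
IPT=${IPT:-iptables}    # overridable so the logic can be exercised with a stub

# True if something listens on local TCP port $1 (ss is from iproute2).
port_open() { ss -Htln "sport = :$1" 2>/dev/null | grep -q .; }

# Rule spec, scoped with -d so only traffic addressed to the VM is rewritten.
rule_spec() { # $1 = service port on the VM, $2 = port on the host
    echo "-d $VM_IP -p tcp --dport $1 -j DNAT --to-destination $HOST_IP:$2"
}

# Decide the action: $1 = port listening (yes/no), $2 = rule present (yes/no).
plan() {
    case "$1/$2" in
        no/no)   echo add ;;   # service stopped in the VM: forward to the host
        yes/yes) echo del ;;   # service is back in the VM: stop forwarding
        *)       echo keep ;;  # state already matches
    esac
}

# Reconcile one port. Idempotent, so it can run every few seconds.
# Only the nat OUTPUT chain (connections made from inside the VM) is managed.
sync_port() { # $1 = service port on the VM, $2 = port on the host
    spec=$(rule_spec "$1" "$2")
    listening=no; port_open "$1" && listening=yes
    present=no
    # $spec is deliberately unquoted so it splits into separate arguments.
    $IPT -t nat -C OUTPUT $spec 2>/dev/null && present=yes
    case "$(plan "$listening" "$present")" in
        add) $IPT -t nat -A OUTPUT $spec && echo add ;;
        del) $IPT -t nat -D OUTPUT $spec && echo del ;;
        *)   echo keep ;;
    esac
}

# Usage (as root): forward.sh VMPORT:HOSTPORT ...
for pair in "$@"; do
    sync_port "${pair%%:*}" "${pair#*:}"
done
```

Connections that are already established keep their existing NAT mapping; only new connections see a rule that was added or removed.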
 
  

