| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
| HACMP, MSCS, VCS - How does that "floating" IP Add |
View previous topic :: View next topic |
| Author |
Message
|
| bruce2359 |
 Posted: Mon Feb 08, 2016 5:05 pm Post subject: |
 |
|
Poobah
Joined: 05 Jan 2008
Posts: 9399
Location: US: west coast, almost. Otherwise, enroute.
|
| PeterPotkay wrote: |
| Those packets can't be going to #99. The router (pub sub engine) isn't sending a packet to every server it can for a packet looking for IP Address #3. |
Different subjects here. The pub/sub 'engine' sends messages, not packets. Let's not confuse by using the network term 'router' in this context, or 'packets' when discussing MQ 'messages.'
One of the artifacts of Ethernet is its broadcast of packets. WireShark packet sniffer will capture all packets on the LAN, including those packets not addressed to the computer where WireShark is running. By contrast token-ring NIC cards would only forward packets off the NIC card (to the o/s ip stack) if the packets were addressed to this specific computer.
After TCP protocols ensure all packets comprising an MQ message have arrived, then the message will be delivered to QMGR99. Server #99 is an o/s instance that supports an ip stack. If there is a QMGR99 on Server 99, then QMGR99 will only be handed messages destined for it.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
 |
| mqjeff |
| Posted: Tue Feb 09, 2016 5:54 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
Ok. This is what I had remembered and what I have semi-verified (depending on how accurate one thinks wikipedia is.).
The difference between a network switch and a network router is that a switch only forwards packets to the relevant devices. Not to all devices connected to it.
So even though TCP/IP is technically a broadcast network, switches eliminate that.
https://en.wikipedia.org/wiki/Network_switch
Note I had been careful to say "switch"...
And my understanding is that switches are much more typical that routers... 
_________________
chmod -R ugo-wx / |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Tue Feb 09, 2016 8:33 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9399
Location: US: west coast, almost. Otherwise, enroute.
|
This topic has strayed widely, and from specifics to generalities and back again.
The OP asked 'why doesn't MQ support floating (virtual) ip addresses?' MQ is indifferent to ipaddresses.
MQ presumes that you will specify correct ipaddresses in CONNAME(), or that DNS-names you specify will resolve (outside of MQ) to ipaddresses that work for you.
Ipaddresses are virtual - not hard-wired into NIC cards. Usually, ipaddresses are assigned by DHCP - an o/s-level facility. Assigned ipaddresses are advertised to routers and switches so that their end-points can be discovered in-flight. Similarly, failure of an end-device 'notifies' o/s-level services so that new (another) instance of the server can become the new destination. All of this is outside of MQs domain.
The OP asked how this works exactly. The 'exactly' part of the question depends on all sorts of things, nearly all outside of MQ, being configured to adequately support ipaddress failover.
Do ip packets race around the network? Yes, they will, until the appropriate end destination is found, or the packet is discarded because the end destination cannot be found.
This redbook (and doorstop) explains all of this http://www.redbooks.ibm.com/abstracts/gg243376.html
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| PeterPotkay |
| Posted: Tue Feb 09, 2016 5:58 pm Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7717
|
| bruce2359 wrote: |
Do ip packets race around the network? Yes, they will, until the appropriate end destination is found, or the packet is discarded because the end destination cannot be found. |
So on my network, with thousands of servers across multiple data centers, if I ping one IP address, that packet is just going to go bouncing around between data centers hitting thousands of servers until by chance it finally hits the one NIC registered for that IP address? No, there has to be some degree of routing. Something has to tell the packet generally where to go to. Maybe within that smaller subset (subbnet?) the packet is free to be "caught" by the server which is the official owner of that IP at that time. And the VCS / MSCS / HACAMP firmware/software has the ability to make that happen, to changing the owning server of a particular virtual IP.
I think there is value if the MQ Appliance could do the same.
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Tue Feb 09, 2016 6:50 pm Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9399
Location: US: west coast, almost. Otherwise, enroute.
|
A bit more.
Once the actual packet destination is discovered, future packets will take the best path to that destination. It is the responsibility of the network router to keep track of best path.
If the destination disappears, packets can not be delivered. If another server exists, its ipaddress needs to be advertised to the router or DNS.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Wed Feb 10, 2016 6:17 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| PeterPotkay wrote: |
| bruce2359 wrote: |
Do ip packets race around the network? Yes, they will, until the appropriate end destination is found, or the packet is discarded because the end destination cannot be found. |
So on my network, with thousands of servers across multiple data centers, if I ping one IP address, that packet is just going to go bouncing around between data centers hitting thousands of servers until by chance it finally hits the one NIC registered for that IP address? No, there has to be some degree of routing. Something has to tell the packet generally where to go to. Maybe within that smaller subset (subbnet?) the packet is free to be "caught" by the server which is the official owner of that IP at that time. And the VCS / MSCS / HACAMP firmware/software has the ability to make that happen, to changing the owning server of a particular virtual IP.
I think there is value if the MQ Appliance could do the same. |
If your network is layered with routers, or more typically and better switches (!), then packets will traverse through the network tree structure, until they hit the subnet that contains the ip address in question.
They *will not* hit every server along the path through the network tree.
If the last node in the network tree is a *switch*, then packets *should not* hit every server on that switch.
_________________
chmod -R ugo-wx / |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Wed Feb 10, 2016 6:24 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY
|
| PeterPotkay wrote: |
| bruce2359 wrote: |
Do ip packets race around the network? Yes, they will, until the appropriate end destination is found, or the packet is discarded because the end destination cannot be found. |
So on my network, with thousands of servers across multiple data centers, if I ping one IP address, that packet is just going to go bouncing around between data centers hitting thousands of servers until by chance it finally hits the one NIC registered for that IP address? No, there has to be some degree of routing. Something has to tell the packet generally where to go to. Maybe within that smaller subset (subbnet?) the packet is free to be "caught" by the server which is the official owner of that IP at that time. And the VCS / MSCS / HACAMP firmware/software has the ability to make that happen, to changing the owning server of a particular virtual IP.
I think there is value if the MQ Appliance could do the same. |
Looks like you're getting the idea.
Let's set aside switches for now.
Each subnet is accessed through a router.
Routers talk to each other and communicate through the ARP (?)protocol. They direct and filter traffic.
The traffic is routed accordingly to the router table:
| Code: |
===========================================================================
Interface List
11...mac value ......Microsoft Wi-Fi Direct Virtual Adapter
21...mac value ......Microsoft Hosted Network Virtual Adapter
13...mac value ......Realtek PCIe GBE Family Controller
10...mac value ......Qualcomm Atheros AR9285 802.11b|g|n WiFi Adapter
19...mac value ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.4 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.4 266
192.168.0.4 255.255.255.255 On-link 192.168.0.4 266
192.168.0.255 255.255.255.255 On-link 192.168.0.4 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.4 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.4 266
===========================================================================
Persistent Routes:
None |
or the equivalent ip V6 table
| Code: |
===========================================================================
Interface List
11...mac value ......Microsoft Wi-Fi Direct Virtual Adapter
21...mac value ......Microsoft Hosted Network Virtual Adapter
13...mac value ......Realtek PCIe GBE Family Controller
10...mac value ......Qualcomm Atheros AR9285 802.11b|g|n WiFi Adapter
19...mac value ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
===========================================================================
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 4106 ::/0 fe80::2002:18e4:293d:e472
1 306 ::1/128 On-link
13 266 2002:44c2:b90c:e472::1001/128
On-link
13 266 fe80::/64 On-link
13 266 fe80::2085:b847:78c4:146a/128
On-link
1 306 ff00::/8 On-link
13 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None |
Your computer builds the routing table dynamically after speaking to your router. This happens via "broadcast" type packets in the subnet.
So what happens at this point is that you get a default path to talk to the rest of the world...
The general default is: if you don't have a more specific route, go and send the packet to this router (192.168.0.1) using this interface...(192.168.0.4 )
In IP V4 the network destination is shown either as a specific address or as the generic starting address for the subnet as defined by the mask.
You may have multiple routes for the same address and they will be tried in order of the metric value. (Lower metrics are tried first).
Each router has the same kind of table and this is how you know your route gets completed from source to destination.
If you want to see the different routers being hit you can try
tracert <destination>
or
traceroute <destination>
This usually gives you up to 30 hops...
IP V6 is a little bit more complex especially with on-link vs off link debate...
See https://www.google.com/search?q=arraylist&oq=arraylist+&es_sm=93&ie=UTF-8#q=ip+v6+%22on+link%22 for more details
So within each of those subnets your packets could potentially hit every computer in the subnet (barring the use of switches)...
Now back to your own subnet:
the currently active server will have to advertise it's IP to the router.
The router will then make note and route anything for that IP accordingly.
Just to give you an idea, with 15 hops and the assumption of router to router switches, using a home router... any packets sent between 2 hosts distant by those 15 hops would still be potentially seen by about 780 devices.
(Assumptions IPV4 : each endpoint has 254 attached devices, netmask would be 255.255.255.0 all across... main routers are on switched circuits...)
256 (home router) + 256 (isp router) + 13 (switched routers)+ 256(behind destination router) = 781 potential hosts... see the packets...
Hope this clarifies it somewhat for you...
_________________
MQ & Broker admin
Last edited by fjb_saper on Wed Feb 10, 2016 6:32 am; edited 1 time in total |
|
| Back to top |
|
|
| mqjeff |
| Posted: Wed Feb 10, 2016 6:29 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| fjb_saper wrote: |
Let's set aside switches for now.
Each subnet is accessed through a router. |
Again, the behavior of switches and routers is significantly different. This difference is directly related to the question Peter is asking.
And if there are really enterprise networks that are using routers in a wide spread manner, then the networking staff is significantly under trained and even less well funded.
So, sure, by all means talk about routers. But don't think that it has anything to do with Peter's actual situation.
_________________
chmod -R ugo-wx / |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Wed Feb 10, 2016 6:46 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY
|
| mqjeff wrote: |
| fjb_saper wrote: |
Let's set aside switches for now.
Each subnet is accessed through a router. |
Again, the behavior of switches and routers is significantly different. This difference is directly related to the question Peter is asking.
And if there are really enterprise networks that are using routers in a wide spread manner, then the networking staff is significantly under trained and even less well funded.
So, sure, by all means talk about routers. But don't think that it has anything to do with Peter's actual situation. |
Not so much as Peter was asking about his huge net of more than thousands of servers... Switches just filter, unless they have also router capabilities...
So in your subnet you may have x switches. The number of devices seeing the packets between A and B in your subnet is the number of switches your packets have to traverse + 2 ...
Switches should be relatively transparent to address advertising...
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Wed Feb 10, 2016 7:11 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9399
Location: US: west coast, almost. Otherwise, enroute.
|
| mqjeff wrote: |
So, sure, by all means talk about routers. But don't think that it has anything to do with Peter's actual situation. |
I've lost sight of Peter's actual situation.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Wed Feb 10, 2016 7:23 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| bruce2359 wrote: |
| mqjeff wrote: |
So, sure, by all means talk about routers. But don't think that it has anything to do with Peter's actual situation. |
I've lost sight of Peter's actual situation. |
He was still talking about routing packets to IP addresses.
_________________
chmod -R ugo-wx / |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Wed Feb 10, 2016 8:08 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9399
Location: US: west coast, almost. Otherwise, enroute.
|
| mqjeff wrote: |
| bruce2359 wrote: |
| mqjeff wrote: |
So, sure, by all means talk about routers. But don't think that it has anything to do with Peter's actual situation. |
I've lost sight of Peter's actual situation. |
He was still talking about routing packets to IP addresses. |
For purposes of curiosity? For throughput concerns?
MQ has near zero influence over packet transmission, while it might be the victim of poorly provisioned or configured networks.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| PeterPotkay |
| Posted: Wed Feb 10, 2016 2:59 pm Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7717
|
| bruce2359 wrote: |
| mqjeff wrote: |
So, sure, by all means talk about routers. But don't think that it has anything to do with Peter's actual situation. |
I've lost sight of Peter's actual situation. |
I wanted to know how VCS and MCSC do this, to better understand why the MQ Appliance doesn't. Yet.
The scenario
Server #1 and Server #2 are in a VCS cluster
VIP#3 is managed by the VCS cluster and will get you to the active node of the cluster.
There is no load balancer involved.
I wanted to understand how the magic occurs. How does a packet know to get to Server #1 when the cluster and VIP#3 are owned by Server #1, to go to Server #2 when #2 owns the cluster group.
I admit I don't know squat about networks.
A typical answer is the vague "Well Server #1 owns that VIP#3 now, so that's where the packets will go."
Not good enough for me, because it implies every packet is trying to get to every server all the time and thru the process of single elimination eventually finds itself asking Server #1 if it knows what VIP#3 is. Obviously not true.
Finally understanding that:
| Quote: |
| "the VCS / MCS / HACAMP software / firmware has the ability to update the network gear so that the floating IP address (#3) is associated in the network with the correct node of the cluster (Server #1 or Server #2)." |
or
| Quote: |
| "expect the Server #2 to send a gratuitous arp, and the local router updates it’s tables associating Server #2’s mac address with IP #3. Then all traffic for #3 goes to Server #2. " |
Gratuitous arp?
| Quote: |
"It’s the server sending out an arp without anyone asking for it. Just announces “hey, I’ve got this IP”. Usually another station, like the router, will ask “who has IP x.y.a.b?” But here the router thinks it already knows (server #1), so server #2 sends out the arp so all stations on the segment know. "
|
Does this mean that Server #1 and Server #2 both need to be connected to the same router if either might own IP#3?
Or are there a gang of routers that all keep in sync, and you just need to ensure Server #1 and Server #2 are using routers from the same gang of routers?
| Quote: |
Well, they need to be on the same Ethernet segment. Which will usually have two routers, both will listen for ARPs to build their tables.
Here’s another thought: Your cluster could have a floating MAC address too. Depends how it is implemented. Then it changes slightly. The routers don’t change their tables (IP to MAC) in this case but the switches have to update their tables (MAC #3 lives on this port). The switches will update their tables as soon as they see the MAC coming from a new port.
|
These quotes are from post on the list serve or a network person I got a hold of in my company that I trust.
Clearly I am outside of my element, but I like to think I have a little better sense of what is happening now. I cannot accept any explanation that allows for any packet to randomly pinball throughout the network, hoping to be caught eventually by an eligible receiver.
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Wed Feb 10, 2016 5:32 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY
|
It comes back to the current active server advertising its use of IP#3 and the current inactive server no longer accepting packets for IP#3.
This is usually part of the HA Software and gets triggered when you change side.
How does the server advertise its use of the IP? By sending the router an ARP msg.(TCP/IP level network layer)
And yes to make things easier all 3 ips (server 1, server 2, VIP) are usually in the same "logical" segment or sub net.
Your network routing setup can then force all traffic through the router in charge of that logical sub net.
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| Vitor |
| Posted: Thu Feb 11, 2016 6:18 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| fjb_saper wrote: |
| And yes to make things easier all 3 ips (server 1, server 2, VIP) are usually in the same "logical" segment or sub net. |
And that's not just because of HA. Typically like-purposed machines are placed on the same subnet to reduce the number of network "hops" (as very ably explained above) and to make isolation easier. It's much easier to firewall the Prod machines away from the test environments if you can identify then with a single subnet mask.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
