
MultiHoming Cluster and use NICs on different subnets using route.exe

I have a cluster made from 2x HP ProLiant DL380 G3s and an MSA1000.

The public interface is 172.17.3.171, 255.255.255.240 with gateway 172.17.2.33 (VLAN 10).
The heartbeat is 192.168.254.30, 255.255.255.0 with no gateway.

There is another NIC available and I want to use this to have backups run over a different VLAN - essentially I want traffic going to our backup servers to use a different NIC than the public one, i.e. I would configure it as the backup interface, 172.31.74.71, 255.255.255.192 with gateway 172.31.74.65 (VLAN 80).
The backup server is on VLAN 80 already and is 172.31.74.74, 255.255.255.192 with gateway 172.31.74.65.

I have tried configuring the NIC with and without the default gateway and tried adding a static route pointing to the backup server but cannot get this NIC and the backup servers to ping each other. I have added hosts entries for each server on the other.

I want to have all traffic to and from the cluster servers use the public interface except backup traffic, which I want to use the other NIC, so I will have a dedicated backup NIC on a dedicated backup VLAN.

By the way, when I say backup I mean data backup to a server running Backup Exec.

I have seen this done before but cannot work out why it doesn't work when I do it, so I guess I'm doing it wrong.

Thanks
Asked by: Izattafact
 
mlongoh Commented:
Verify that the interface is not firewalled.  That's the cause of most of my ping problems (I always forget when setting up the interface and then smack myself in the head).

Make sure that the backup server's name resolves to the VLAN80 IP address and not some address that would take it through VLAN10.

Since this server and the backup server are on the same subnet, there should be no need for a default gateway, and frankly you should avoid having multiple default gateway settings on the system.  If you did have a need, then you'd need to use the ROUTE.EXE command to setup/configure some static routes, but it shouldn't be needed for your situation.

Because the target IP address is on a subnet that the machine is directly connected to, it should see that NIC as the shortest path to the target and communicate through it.  Now, you may have an issue if the backup server needs to initiate communication (as opposed to responding) to your server - it may take the public path because of name resolution.
 
Izattafact (Author) Commented:
This is exactly the way I thought it should work too, but for some reason neither server sees the other at all - pinging directly by IP to rule out name resolution etc. doesn't even work. I tried installing RRAS too and configuring it in there, but that was even weirder as it dropped the Terminal session I was using (which would have been through the public interface) but didn't drop the cluster or stop user access (I guess because the heartbeat was still connected it didn't see there was a problem).
Had to RILO onto the box and disable that NIC to get it working again.

Totally confused as to why I can't get it to work.
 
mlongoh Commented:
OK, if neither interface is firewalled, then I'd eliminate the network as the culprit.  Assuming that you can physically get to the box (I'm not sure since you stated that you were using RDP and ILO to manage it), try to use a cross-over cable and a workstation and verify that you can ping the workstation and vice versa (obviously you need to set the IP appropriately on the workstation).  If you can't get to the box, then do whatever you can to verify that the switch port that the NIC is connected to is on the correct VLAN.

Izattafact (Author) Commented:
I've got a funny feeling this is all down to the internal routing on the server and how I add static routes for this subnet. Windows is supposed to be aware of every network it has a connection to, so to my mind, if I put the second NIC on VLAN 80 and give it its IP of 172.31.74.71, 255.255.255.192, then the OS should know that subnet's default gateway when it does the IP/subnet mask "logical AND" calculation. So I would expect any packets destined for that subnet to get there.

On the other end of the connection, the backup server is hard coded with IP, MASK AND gateway so even though the gateway address is its default first hop, because the two NICs are on the same subnet they should talk directly without using the gateway (unless the gateway IP is used at layer 2 to route between the switch hardware)  - is this correct?
 
Izattafact (Author) Commented:
Turns out the VLANs were not set up correctly and VLAN 80 was not allowed through the switch the cluster server was plugged into.

Now working a treat.
 
mlongoh Commented:
(Sorry for the delayed response). Your understanding is correct.

When the server has two NICs, the IP address of the 2nd NIC (which has no default gateway value defined) becomes a defined route in the server's routing table (which is layer 3 - layer 2 is Ethernet and there's no routing at that layer, which is why layer 3 is needed).  This will then drive the traffic to the backup server via the 2nd NIC, assuming that you have the 2nd NIC's IP and subnet set correctly and that the VLAN is configured properly for the port that NIC2 is connected to.  I have had no problems with that working in the past outside of setting the IP or subnet wrong (fat finger) or not having the VLAN configured properly for the port that I was plugged into.

You mention that pinging via IP address doesn't even work.  If you disable the 2nd NIC, can you ping the server via the primary NIC?  If it responds, then you have nothing at the server preventing a ping response and I'd have to suspect the VLAN or the IP/subnet configuration of the 2nd NIC.

Sorry to repeat myself, but you can eliminate or confirm the VLAN by doing the cross-over connection between the 2nd NIC and another device (laptop) that's configured with the backup server's IP or another one on the same subnet.

There's always the possibility that the backup server's software is responding via a new session to the server's name and resolving the name to the primary NIC's address.  In that scenario I'd set up a HOSTS file entry on the backup server that allows it to resolve the server's name to the 2nd NIC's address - this should take priority over the DNS lookup.  But that would have no bearing on your ability to ping - that would be if communications worked from your perspective but the backup operation was still driving traffic across the main production network (instead of the backup network VLAN).

I hope this helps.

mlongoh Commented:
LOL!  In the time it took me to write and post my last message, you got it figured out.  I'm glad.
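
An added example, not part of the original thread: a small model of the layer-3 route selection discussed above, using the addresses from the question, to show which NIC backup traffic should leave on and why a second default gateway is worth avoiding. The NIC labels and function names are assumptions made for illustration, and route metrics are not modelled.

```python
import ipaddress

# Addresses are the ones quoted in the thread; the NIC labels are assumed names.
INTERFACES = [
    {"name": "public", "ip": "172.17.3.171", "mask": "255.255.255.240", "gateway": "172.17.2.33"},
    {"name": "heartbeat", "ip": "192.168.254.30", "mask": "255.255.255.0", "gateway": None},
    {"name": "backup", "ip": "172.31.74.71", "mask": "255.255.255.192", "gateway": None},
]

def build_routes(interfaces):
    """One on-link route per NIC (IP AND mask), plus a default route per configured gateway."""
    routes = []
    for nic in interfaces:
        # ip_interface applies the mask to the address to get the connected network.
        network = ipaddress.ip_interface(f"{nic['ip']}/{nic['mask']}").network
        routes.append({"dest": network, "via": "on-link", "nic": nic["name"]})
        if nic["gateway"]:
            default = ipaddress.ip_network("0.0.0.0/0")
            routes.append({"dest": default, "via": nic["gateway"], "nic": nic["name"]})
    return routes

def select_route(routes, destination):
    """Longest-prefix match: the most specific route containing the destination wins."""
    dest = ipaddress.ip_address(destination)
    matches = [r for r in routes if dest in r["dest"]]
    if not matches:
        return None
    return max(matches, key=lambda r: r["dest"].prefixlen)

def default_gateway_nics(routes):
    """NICs that carry a default route; more than one means an ambiguous egress path."""
    return [r["nic"] for r in routes if r["dest"].prefixlen == 0]

if __name__ == "__main__":
    routes = build_routes(INTERFACES)
    for target in ("172.31.74.74", "10.1.2.3"):  # backup server, arbitrary off-net host
        chosen = select_route(routes, target)
        print(f"{target} -> {chosen['nic']} via {chosen['via']} ({chosen['dest']})")
    print("default gateways on:", default_gateway_nics(routes))
```

When this model says the backup server is on-link for the backup NIC but pings still fail, the fault lies below layer 3, which is where the thread's problem (VLAN 80 not allowed through the switch) turned out to be.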