How to make server respond with virtual IP instead of physical IP.

Hello Expert,

We have a server (server1) that needs to access the NFS App server.

It appears that the client (server1) starts communicating with the virtual IP on the NFS App server, but for some reason, the App server is changing to its interface IP during the conversation for some of the UDP connections. The firewall will not allow this as it thinks that the connection has been hijacked by a different server.

Here's an example:
10.2.163.73        server1          TCP: D=32943 S=2049     ACK=216583930 WIN=49232                                
    68   10.2.163.73        server1          TCP: D=32943 S=2049 FIN ACK=216583930 SEQ=1663147899 LEN=0 WIN=49232            
    69   server1            10.2.163.73       TCP: D=2049 S=32943     ACK=1663147900 WIN=66608                                

    70   server1          10.2.163.73       PMAP: C Get port PROG=100003(NFS), VERS=3, IP=17                                
    71   10.2.163.77        server1         PMAP: R PORT=2049 (Reply to 70)    >.>>> responded from .77 instead of .73                                      

    72   server1           10.2.163.73       RPC: C XID=1270833149 PROG=NFS VERS=3 PROC=0(Do nothing)                        
    73   10.2.163.77        server1         RPC: R XID=1270833149                                                          
    74   server1           10.2.163.73       PMAP: C Get port PROG=100005(Mount), VERS=1, IP=6      

server1 = server that needs to communicate with the app server.
The app server has a virtual IP of 10.2.163.73 and a physical IP of 10.2.163.77.
Both servers are running Solaris 10.

When server1 tries to talk to 10.2.163.73 (virtual), the response comes back from 10.2.163.77 (physical). The firewall doesn't allow the communication.

Is there a way to make the app server respond from the virtual IP instead of the physical IP?

Thanks,

B4    
bbbb44Asked:
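
As an added example (not part of the original post), this Python code pairs each PMAP/RPC call in a trace like the one above with its reply and reports replies whose source differs from the address the call was sent to, which is the condition the firewall rejects. The function name and the assumed line layout are illustrative; the sample input is frames 70-73 from the question with whitespace normalised.

```python
import re

# Frames 70-73 from the trace in the question, whitespace normalised.
TRACE = """\
70 server1 10.2.163.73 PMAP: C Get port PROG=100003(NFS), VERS=3, IP=17
71 10.2.163.77 server1 PMAP: R PORT=2049 (Reply to 70)
72 server1 10.2.163.73 RPC: C XID=1270833149 PROG=NFS VERS=3 PROC=0(Do nothing)
73 10.2.163.77 server1 RPC: R XID=1270833149
"""

# Assumed layout: frame number, source, destination, protocol, C(all)/R(eply), details.
LINE = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\S+)\s+(PMAP|RPC):\s+([CR])\s+(.*)$")
REPLY_TO = re.compile(r"\(Reply to (\d+)\)")
XID = re.compile(r"XID=(\d+)")


def find_mismatched_replies(trace):
    """Return (call_frame, reply_frame, called_addr, replying_addr) for every
    reply whose source differs from the address the matching call was sent to."""
    calls_by_frame = {}  # frame number -> (client, address called)
    calls_by_xid = {}    # RPC XID -> (frame number, client, address called)
    findings = []
    for raw in trace.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # TCP frames, blank lines and annotations are ignored
        frame, src, dst, _proto, kind, rest = m.groups()
        frame = int(frame)
        xid = XID.search(rest)
        if kind == "C":
            calls_by_frame[frame] = (src, dst)
            if xid:
                calls_by_xid[xid.group(1)] = (frame, src, dst)
            continue
        # Reply: find its call via "(Reply to N)" or, failing that, the XID.
        ref = REPLY_TO.search(rest)
        call = None
        if ref and int(ref.group(1)) in calls_by_frame:
            n = int(ref.group(1))
            call = (n, *calls_by_frame[n])
        elif xid and xid.group(1) in calls_by_xid:
            call = calls_by_xid[xid.group(1)]
        if call is None:
            continue  # reply without a captured call
        call_frame, client, called = call
        if dst == client and src != called:
            findings.append((call_frame, frame, called, src))
    return findings
```

Calling `find_mismatched_replies(TRACE)` reports both call/reply pairs (70/71 and 72/73) as answered from 10.2.163.77 rather than 10.2.163.73.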

turnbulld Commented:
Try adding this to /etc/sysctl.conf:

net.ipv4.conf.all.arp_filter = 1

This property forces the OS to treat each NIC as its own self for address resolution.  Without this setting, Linux may incorrectly use one NIC for another's traffic.

This fixes a very similar problem with physical NIC confusion.  I am a lot less sure whether it will affect how a virtual NIC is handled.
bbbb44 (Author) Commented:
Hi,

The OS is Solaris and I am not seeing the /etc/sysctl.conf file.

Also wondering if the settings on the Cisco firewall can be modified to bind/map these two IPs together, so it will allow the communication to go through?

Thanks,

B4
turnbulld Commented:
Sorry, my bad; I missed that in your original post.

Solaris is different.  It will use the first NIC it has with a valid route.  That means your physical NIC will ALWAYS take precedence over the virtual since the virtual and the physical are on the same network.  About all you can do here that I know of is to set a static route with the route command.  Something like:

route add net 10.2.163.0 10.2.163.73 0

This assumes the subnet mask for the network is 255.255.255.0. If not, you'll need to alter the first address to properly identify the network.

This will not be persistent across reboots. To make it so, you'll have to put the command into an init script to run it on reboot and set it up to execute for run state 2. Something like:

/etc/rc2.d/S99staticroute
Daniel Vega Commented:
This is normal operation because of the default round-robin load-balancing method of the IPMP configuration. Maybe your network/firewall administrator can adjust the rules/policies on the firewall.

Regards,
Rowley Commented:
You might want to consider a static host route entry for the netapp as opposed to the whole netblock. If you're running a later version of Solaris 10, you can use the -p option to route to make the route persistent:

route -p add host [destination ip] [gateway ip]
