We are in the process of migrating this forum. A new space will be available soon. We are sorry for the inconvenience.

HOWTO: Clean IP Failover/RIPE configuration notes


Jane
02-01-2011, 03:47 PM
Hi everybody.

Let me provide you a little bit more information about our warning emails of IP's.

Why we send it?
ARP flooding due to faulty configurations on server do too many 'NOISES' in the network.
So we try to advise everybody about the bad configurations.


You can find 3 cases of errors and here are the solutions:


1) You are using a failover ip WITHOUT a virtual mac as a simple ALIAS:

Use the good configuration for your Failover IP: http://help.ovh.ie/IpAlias
important is that you use the good netmask and the right broadcast!

1a) your IP's are a BLOC RIPE NOT SPLITTED:

use the netmask and broadcast that you have received in the email for the allocation of the bloc.


1b) if your IP's are issued from a bloc ripe and if the bloc ripe is SPLITTED and if you DON'T use a virtual mac:

the rules are the same as for a normal failover ip !! (see case 1)

Notice
A simple failover has not to use a GATEWAY. The ip is routed over the physical IP.

2) you use a failover ip WITH a virtual mac:

so you must ensure that the GATEWAY for the IP is the REAL gateway of your server.
Example:
if the IP of your server is: 91.121.xxx.129 the gateway of your server is 91.121.xxx.254

A failover WITH virtual mac on this host: 91.121.xxx.129 must use:
- 91.121.xxx.254 as gateway
- the assigned mac as mac for the virtual interface


3) you use a failover WITHOUT a virtual mac ON a VIRTUAL MACHINE throught 'NAT'

So your IP must NOT use the default gateway of server (ip.ser.ver.254) BUT the physical IP of your eth0!!
So the gateway for an IP failover in NAT mode is ip.of.your.server

VRACK customers did not use the explanations here. They have their OWN guides. http://help.ovh.co.uk/vrack!!
In vrack a lot of configurations and errors can be possible. This are too many cases to explain here but you are always welcome to ask us!



---
Some FAQ:

Why do I receive an alert for bad configuration when my IP works?

An IP can work and can have bad configuration. The IP works but not in the CLEAN way.
server1.ovh.net: 2 failovers with bad configuration
server2.ovh.net: 2 failovers with bad configuration
Sometimes server1.ovh.net ( or one of his failovers ) try to talk with an failover on server2.ovh.net.
Bad configuration do that this not work (error ARP because the router can not update his ARP table) .
We have ARP that has in our SLA. This is not normal and so we sent an email.

5 minutes later the server1.ovh.net talk directly to server2.ovh.net and the ARP table is updated. Than the error ARP disappears. But not your bad configuration and than after I time, is happen again.
So is important to fix this errors.


How can I see what is happen?

Using tcpdump and guides for each configuration can help.
First check if the configuration of your usage is as explained in the guide.
Then check in tcpdump what's wrong.



I hope my little message can help you to understand that we have a lot of possibility of errors and that we not can provide 1 solution for everybody.


Cheers,
Angie (Incident team)