[cdelgadop]

Hi

I'm working in the configuration of an active-passive HACMP cluster for SW SWIFT for a customer. Customer network is segmented in several VLANs. I have two nodes whose boot ip addresses are in a given VLAN, let's say 10.0.60.0/24 and the Service ip is in another VLAN, let's say 10.0.41.0/24.

How do you configure such a network ?? using access VLAN (TAG id is inserted into the packet by the switch port) or trunking (AIX must add the tag id using the VLAN objects you can create at OS level). I'm trying to configure using the trunking approach with no success at all, so i think i should use the otrher way..

Any help please.

TIA

[jmcphee]

Please don't flame me, this is just an opinion of an overworked sysadmin. But here it is...

This is going to be a constant headache for you unless you get a second interface and cable that into the second VLAN for your service IP. Or get the IP's on the same VLAN.

These are just options, and are buggier than all heck. I wouldn't run it in a production environment.

Some things to keep in mind when attempting vlan tagging:

Be sure to check that the network switch, the adapter, and the OS/driver all support VLAN trunking/tagging.

You're better off setting up a second virtual interface via VIO or an alias on the host for the service IP. That way when it hoses up terribly, you MAY still have network connectivity across the front. The last time I checked, VLAN tagging wasn't working on VIOS, so you'd have to do the tagging at the AIX level.

Instead of tagging at the OS, if your switch is smart enough, add an alias for the service interface, or if you're running VIOS, add a second virtual adapter. This has 2 advantages. 1, normally the sysadmin doesn't work on the switches, so a problem isn't your problem. and 2, switches tend to be focused on switching, so there's less to misconfigure. Don't be surprised if the network forgets about your special setup every now and again. It's not suppose to, but that's just the way of things.

[steevojb]

Hi there,

My thoughts on this topic

All the routable addresses within a HACMP configuration should reside on the same VLAN

I would configure

boot IP addresses on non-routable addresses, ie 10.0.0.1 and 10.0.0.2
persistent addresses (to allow you to communicate with the cluster nodes) on a routable subnet (different than your boot addresses)
a service label on the same subnet and vlan as your persistent address

HTH

Steve

[dh3235]

Hi there,

I have exactly this environment (multiple VLANs) and HACMP. There is no need for VLAN tagging.

The thing you need to get your head wrapped around, is to think of the VLAN as just a physical wired segment of your LAN. The VLAN has an IP network defined on it (10.0.41.0/24, your service IP VLAN), but that doesn't mean it won't switch other IP network traffic as well (say IP network 192.168.1.0/24) (again, just think of the VLAN as a physical ethernet wire). You just can't route your 192.168.1.0/24 network off the VLAN (which isn't needed anyway in HACMP for boot IPs).

So, given the above statements, you provision your AIX adapters into your service VLAN. Your boot addresses go on a non-used IP network (just has to be the same subnet mask as your service network) ie 192.168.1.0/24, your persistant and service IPs then get allocated from the VLAN network, ie 10.0.41.0/24.

Dave

[jmcphee]

If I understand the above scenario, you might as well just leave the interface down until you bring up its service IP, 'cause you can't route to it when it has its boot IP anyway. But it's a completely viable option if you don't mind not having that NIC on the net. Like if you have a maintenance LAN that you can get into. Or if you prefer to use a console device.

There may be some networking magic that can fix that, but I'm pretty sure that's where VLAN tagging comes in.

Let us know which way you go!

[cdelgadop]

Hi

Thanks for your answers. Actually i have applied what you have told me. I have configured both nodes with ip Address in the private net 192.168.10.x/24 with service and persistent in the 10.0.41.0/24 network. Only problem is that i cannot ssh to the nodes without HACMP services up and running. I can use the HMC console.

I'm using Etherchannel to protect networks (and planning to use NIB to eliminate the Switch as SPOF) so i can unplug ethernet cables and no failover is detected, when unplugging both cables there's a Node-Down even and active node goes to the passive one. We are using the disk hearbeat network, even though, we have also the Serial adapters to use as a second one.

This cluster is being configured to provide HA to the SWIFT application running on AIX 5.3. Do you know or have such a environment ?? Any advise ??

Thanks in advanced

[dh3235]

Hmm, you should be able to ssh to the persistant IP even without HA running.

Can you validate that you have the following entry in /etc/inittab:
harc:2:wait:/usr/es/sbin/cluster/etc/harc.net # HACMP for AIX network startup

On startup, connected via the HMC, before HA is started, can you post the output of netstat -in?

Is SSH configured to listen to all addresses (post output of netstat -an|grep "22.*LISTEN")?

Dave