[OpenAFS] Multihomed issues

Jaap Winius jwinius@umrk.nl
Tue, 18 Jan 2011 05:24:15 +0100 

Quoting Derrick Brashear <shadow@gmail.com>:

> I kind of follow what you're saying here. However:
> 1) CellServDB is "where are database servers"
> 2) what's in the VLDB is "where are the volumes"
> so just because it appeared in 1, well, that has nothing to do with 2.
> mantra: "solve the real problem"

Makes sense. Right now I think the real problem is my DNS  
configuration: externally, each AFS server's host name resolves only  
to its public IP address, internally to both its private and public IP  
addresses.

> CellServDB on each host must list the addresses that the database
> servers are reachable at from *this* host. not what each believes
> their own address are. Make it so.

That would mean listing both its private IP address and its public IP  
address (which both resolve to the same name).

> e.g. a db server behind a nat would list its internal address for
> itself; one outside a nat would list the external address which you
> are port forwarding from. The internal server would include in NetInfo
> as its first line:
> f (external address)
> e.g.
> f 8.8.8.8
> if its external address was 8.8.8.8
> then whatever internal address

I don't think the "f" option applies in my situation. My servers  
aren't behind a NAT: they each have a public IP address via PPP; their  
broadband CPEs act as modems only. Both route between the Internet and  
an internal network and both run an iptables firewall that includes a  
NAT.

> NetRestrict could be used to mask unwanted addresses, *but* you
> probably want both addresses, the local and the external, so if there
> are these two only, mask none with NetRestrict.

So, in your opinion no NetRestrict file is necessary?

> Now, as to fileservers, the same tip(s) with NetInfo/NetRestrict
> apply.

So far, I currently have a server NetInfo file with the external  
address only (you think that should include the internal address too?)  
and a NetRestrict file containing the address for the internal network  
(which I gather you think it should not).

> Here, the CellServDB only *needs* to provide an address for at
> least one server, but ideally you still list, for each server, an
> address which reaches it.

Right not it contains only the external IP address for the other  
server, as well as it's own external IP address. The plan is to add an  
external address for a third server soon.

> vos delentry is for a VLDB entry, not a server, so you didn't remove
> any server addresses from the VLDB with it. remsite removes a server
> for a volume. delentry removes a whole volume entry. ...

Considering what I've seen, that would explain things.

> ... changeaddr -remove removes an address but probably still isn't
> what you want. make the fileserver register the addresses you want
> (using netinfo and netrestrict), start it and let it register. all
> will be well.

I'll try again tomorrow.

Thanks,

Jaap