[OpenAFS] Multihomed issues
Tue, 18 Jan 2011 05:24:15 +0100
Quoting Derrick Brashear <email@example.com>:
> I kind of follow what you're saying here. However:
> 1) CellServDB is "where are database servers"
> 2) what's in the VLDB is "where are the volumes"
> so just because it appeared in 1, well, that has nothing to do with 2.
> mantra: "solve the real problem"
Makes sense. Right now I think the real problem is my DNS
configuration: externally, each AFS server's host name resolves only
to its public IP address, internally to both its private and public IP
> CellServDB on each host must list the addresses that the database
> servers are reachable at from *this* host. not what each believes
> their own address are. Make it so.
That would mean listing both its private IP address and its public IP
address (which both resolve to the same name).
> e.g. a db server behind a nat would list its internal address for
> itself; one outside a nat would list the external address which you
> are port forwarding from. The internal server would include in NetInfo
> as its first line:
> f (external address)
> f 220.127.116.11
> if its external address was 18.104.22.168
> then whatever internal address
I don't think the "f" option applies in my situation. My servers
aren't behind a NAT: they each have a public IP address via PPP; their
broadband CPEs act as modems only. Both route between the Internet and
an internal network and both run an iptables firewall that includes a
> NetRestrict could be used to mask unwanted addresses, *but* you
> probably want both addresses, the local and the external, so if there
> are these two only, mask none with NetRestrict.
So, in your opinion no NetRestrict file is necessary?
> Now, as to fileservers, the same tip(s) with NetInfo/NetRestrict
So far, I currently have a server NetInfo file with the external
address only (you think that should include the internal address too?)
and a NetRestrict file containing the address for the internal network
(which I gather you think it should not).
> Here, the CellServDB only *needs* to provide an address for at
> least one server, but ideally you still list, for each server, an
> address which reaches it.
Right not it contains only the external IP address for the other
server, as well as it's own external IP address. The plan is to add an
external address for a third server soon.
> vos delentry is for a VLDB entry, not a server, so you didn't remove
> any server addresses from the VLDB with it. remsite removes a server
> for a volume. delentry removes a whole volume entry. ...
Considering what I've seen, that would explain things.
> ... changeaddr -remove removes an address but probably still isn't
> what you want. make the fileserver register the addresses you want
> (using netinfo and netrestrict), start it and let it register. all
> will be well.
I'll try again tomorrow.