Making services easy to migrate: Virtual Addresses
Posted by Steve on Sat 1 Jan 2005 at 13:00
The Linux networking system allows one network card to have more than one IP address. This facility doesn't seem to be used very much but it's ideal for setting up services which you might wish to migrate to another host.
Generally speaking, if you set up a new service you'll install it, and then create a new name in DNS to refer to it.
For example, if you set up a chat server you might create a new hostname "chat" to refer to it.
Or if you set up a mail server for use by your company you might name the host smtp.company.com.
But what happens when you want to move the service to a new host?
Well, in some cases, such as the mail server, it doesn't matter if some people are using the old service and some are on the new one: you just update DNS to make the name point to your replacement machine and accept that some clients will still have the old information for a while.
When it comes to a chat server, though, everybody should be on the same server, otherwise they won't see each other. So waiting for DNS updates to propagate is something that you wish to avoid.
One solution is to install a firewall and use "destination NATting" (DNAT) to redirect packets to your new host when they are addressed to your old one. But a simpler approach is to install the service on a virtual IP address to start with, then simply move that address.
Under Linux, network cards are numbered and are referred to by names such as eth0 for the first, and eth1 for the second.
But each device can have more than one address, such as eth0:1 for the first virtual address, or eth0:2 for the second.
Networking in Debian sets up addresses in /etc/network/interfaces.
The following shows that we have one IP address:
    # /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)

    # The loopback interface
    auto lo
    iface lo inet loopback

    # This machine's NIC
    auto eth0
    iface eth0 inet static
        address 192.168.1.50
        netmask 255.255.255.0
        gateway 192.168.1.1
This shows that we have one network interface eth0 which has a static IP address of 192.168.1.50.
We can add another address to the machine too, such as 192.168.1.60, by adding the following:
    # Virtual Address
    auto eth0:1
    iface eth0:1 inet static
        address 192.168.1.60
        netmask 255.255.255.0
Make this active by running "/etc/init.d/networking restart" and you will have two IP addresses.
These can be seen by running /sbin/ifconfig:
    root@undecided:/etc/network# ifconfig
    eth0      Link encap:Ethernet  HWaddr 00:0A:E6:EE:A7:7F
              inet addr:192.168.1.50  Bcast:192.168.1.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:4323793 errors:0 dropped:0 overruns:0 frame:0
              TX packets:4074519 errors:247 dropped:0 overruns:0 carrier:247
              collisions:19683 txqueuelen:1000
              RX bytes:3197838762 (2.9 GiB)  TX bytes:1175758869 (1.0 GiB)
              Interrupt:11 Base address:0xe400

    eth0:1    Link encap:Ethernet  HWaddr 00:0A:E6:EE:A7:7F
              inet addr:192.168.1.60  Bcast:192.168.1.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              Interrupt:11 Base address:0xe400
Both of these IP addresses are pingable, routable, and usable.
So what has this given us? Well, it allows us to install a service which will bind itself to the new 192.168.1.60 address (which we are presumably going to add as an entry in the DNS system) and be usable.
When we wish to move the service to another host we don't have to worry about updating DNS, or about people using the hardcoded IP address. Instead we simply move the IP address to another host.
On a new machine create a new virtual entry with the same address, and then remove it from the current machine. Voila, the service is moved!
No downtime, no waiting for DNS propagation, and no worries that people will be stuck.
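The move described above, scripted as an added example (not the article's own code). It uses the article's sample address with the `ip addr add`/`ip addr del` form shown in the comments, and finishes with an unsolicited ARP for the stale ARP cache issue the comments mention. The function names `mask_to_prefix`, `run` and `move_vip` are hypothetical, and `arping` from iputils is assumed to be installed.

```sh
#!/bin/sh
# Added example, not the article's code. Sample values are the article's.

# Convert a dotted netmask (as written in /etc/network/interfaces) to the
# prefix length ip(8) expects. Fails on malformed or non-contiguous masks.
mask_to_prefix() {
    bits=0 seen_partial=0
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            255) n=8 ;; 254) n=7 ;; 252) n=6 ;; 248) n=5 ;; 240) n=4 ;;
            224) n=3 ;; 192) n=2 ;; 128) n=1 ;; 0) n=0 ;;
            *) return 1 ;;
        esac
        # After the first octet that is not all ones, only 0 may follow.
        if [ "$seen_partial" -eq 1 ] && [ "$n" -ne 0 ]; then return 1; fi
        if [ "$n" -lt 8 ]; then seen_partial=1; fi
        bits=$((bits + n))
    done
    echo "$bits"
}

# Print the command (DRY_RUN=1, the default) or execute it (DRY_RUN=0, root).
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# move_vip STEP ADDR NETMASK DEV LABEL
#   new      - on the replacement host: claim the address under an alias label
#   old      - on the current host: release the address
#   announce - on the replacement host: unsolicited ARP so LAN neighbours
#              drop the old MAC (needs arping from iputils; an assumption)
move_vip() {
    step=$1 addr=$2 dev=$4 label=$5
    prefix=$(mask_to_prefix "$3") || { echo "bad netmask: $3" >&2; return 1; }
    case $step in
        new)      run ip addr add "$addr/$prefix" dev "$dev" label "$label" ;;
        old)      run ip addr del "$addr/$prefix" dev "$dev" ;;
        announce) run arping -U -c 3 -I "$dev" "$addr" ;;
        *)        echo "unknown step: $step" >&2; return 2 ;;
    esac
}

# Walk-through in the article's order, with its sample address.
for s in new old announce; do
    move_vip "$s" 192.168.1.60 255.255.255.0 eth0 eth0:1
done
```

Addresses added with ip(8) do not survive a reboot, so the eth0:1 stanza still has to be added to /etc/network/interfaces on the new host and removed from the old one.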
I'd just like to note that using proper TTLs in the DNS zone (considering one has detailed control over his DNS zone) can easily solve this issue as well. Lower the record TTL for the related hostname to a couple of hours days before the migration, and lower it further to say 15 minutes during the hours before the switch to even 1-5 minutes during the hour you switch over. It won't be as perfect of course, but probably good enough.
This is especially handy when one is hosting services on public ip addresses, where public IP's are more rare.
It's probably also me having bad feelings over virtual ip addressing - which are in fact caused by the way Windows NT badly handles those...
*ducks* Serge van Ginderachter
[ Parent | Reply to this comment ]
I guess that's true, if you start using new addresses for each service such as www, smtp, pop3, imap then you can move them without having to worry about DNS at all.
I know the traditional approach to moving DNS is to drop the time to live (TTL) but I've had bad experiences in the past with Windows machines caching DNS information unnecessarily.
For many services, as I mention, it doesn't matter if you have some people using a new address and some an old, but for things like chat it's really important that everybody changes at the same time.
(One minor annoyance is sometimes that ARP caches get confused and you have to flush them, but that's not a big deal on a LAN, and doesn't seem to apply when using public IPs).
Steve
-- Steve.org.uk
[ Parent | Reply to this comment ]
That's very interesting, and something I'd not seen documented anywhere.
Thanks for the tip!
Steve
-- Steve.org.uk
[ Parent | Reply to this comment ]
I've not seen it documented anywhere that this is obsolete, and using the aliases in /etc/network/interfaces does persist across reboots.... Steve
-- Steve.org.uk
[ Parent | Reply to this comment ]
    auto eth0
    iface eth0 inet static
        address 10.2.3.4
        broadcast 10.2.3.255
        netmask 255.255.255.0
        gateway 10.2.3.1
        up ip addr add 10.2.3.5/24 dev eth0
        down ip addr del 10.2.3.5/24 dev eth0
[ Parent | Reply to this comment ]
I've tried your advice. It seems that it works.
However, I have one question for you. How can I
check all IP addresses for the eth0 interface?
Unfortunately ifconfig shows me only the first of them,
configured by the 'address' keyword.
My best regards!
P.
[ Parent | Reply to this comment ]
P.
[ Parent | Reply to this comment ]
Is there a way to check RX and TX packets (bytes) also for
the eth0:1 interface?
Best regards!
P.
[ Parent | Reply to this comment ]
No, they don't appear to be available separately.
Steve
-- Steve.org.uk
[ Parent | Reply to this comment ]
Have a nice day! :)
P.
[ Parent | Reply to this comment ]
Does anyone know if this is going to bring any problems with sendmail?
I'm hosting both IP and name based sites
thanks in advance!
[ Parent | Reply to this comment ]