Enhance server network availability with simple methods to avoid service outages and boost system robustness. Explore link aggregation, configuration steps, and importance of Virtual IP interfaces.
High Available Network Implementation on System p IBM Infrastructure Support Services Customer SVC & Tech support IBM Korea
Importance of High Available Network infrastructure
• “Service outage” is one of the key “failing factors” for tremendous business opportunities in the highly competitive online business world.
• Companies are spending more and more money on the availability of their key IT infrastructure, using clustering, shared-DB environments, and even backup data centers (Disaster Recovery systems).
• As a system administrator, you can easily upgrade the availability of your server network environment through simple methods without spending any further “money”.
• A deep understanding of these simple technologies will let you manage many servers and services in a more “robust” way.
Topics covered in this session
• Link Aggregation (802.3ad, EtherChannel)
  • technical overview
  • configuration scenarios and steps (with CISCO switches)
  • performance and throughput of EtherChannel
  • dynamic feature of EtherChannel
• MultiPath routing with Dead Gateway Detection (DGD)
  • introduction to the routing table of AIX
  • introduction to the MultiPath routing
  • implementing passive/active Dead Gateway Detection
• Virtual IP interface (VIP)
  • introduction to the VIP
  • advantage of the VIP
  • implementing VIP with OSPF
Link Aggregation (802.3ad / EtherChannel) Technical Overview
Link Aggregation
• Several links among network devices can be aggregated in many ways. The main purpose of link aggregation is “to broaden the network bandwidth”, not “to increase the speed of network links”.
• Another benefit of link aggregation is availability. Because many physical ports and links are used for one point-to-point logical link, there may be many backup links between the endpoints.
• There are many protocols for link aggregation, such as 802.3ad LACP and Cisco’s PAgP. In most cases, link aggregation requires some setup tasks on both end systems.
• The link aggregation solution for AIX is EtherChannel. AIX supports 802.3ad LACP and manual configuration. It also supports an explicit backup adapter through the EtherChannel backup adapter.
Link Aggregation
Link aggregation (trunking) is commonly seen between network switches. Usually many links are aggregated between them to get more bandwidth between the switches because of high traffic.
This example shows an EtherChannel configuration with 2 main channels and 1 backup channel. By aggregating, this System p box now has doubled network bandwidth and one standby backup link to the other switch.
EtherChannel in AIX
• AIX supports IEEE 802.3ad Link Aggregation Control Protocol (LACP) and manual aggregation.
• The hardware address (MAC address) of the EtherChannel device is taken from one of its member adapters; more specifically, from the adapter that first joins the EtherChannel as a main adapter. An alternate hardware address can also be used if it is unique in the same network segment.
• All the adapters in an EtherChannel must be connected to the same switch. An EtherChannel configuration cannot span multiple switches.
• A backup adapter can be defined in an EtherChannel. The backup adapter can be connected to a different switch to increase the total availability.
• Dynamic Adapter Membership (DAM) was added in AIX 5.2 with 5200-03. It allows adapters to be added to or removed from an EtherChannel without disrupting any user connections.
Basic concept of an EtherChannel
All EtherChannel adapters must be connected to the same switch; an EtherChannel cannot span multiple switches. However, one adapter can be connected to a different switch as a backup adapter. This link is activated when none of the main adapters can communicate with the primary switch.
A backup link can be connected to the other switch. This link shows an “active” link status, but no packets are delivered through it. It is activated only when all the main adapters fail to send/receive packets.
The switch should also be configured for EtherChannel, because it also has to know that those links are aggregated. If it is not, the MAC address table of the switch shows “flapping”.
Considerations for configuring EtherChannel - 1
• You can have up to eight primary Ethernet adapters and only one backup adapter per EtherChannel.
• In AIX 5.2 and earlier, the ifsize parameter of the no command needs to be increased. The default ifsize is only 8, and each adapter uses one interface and each EtherChannel also uses one interface. From AIX 5.2 and later, the default value has been increased to 256.
• All adapters in the EtherChannel should be configured for the same speed and should be in full-duplex mode.
• The adapters used in the EtherChannel cannot be accessed by the system after the EtherChannel is configured. To modify any of their attributes, such as media speed, transmit or receive queue sizes, and so forth, you must do so before including them in the EtherChannel.
Considerations for configuring EtherChannel - 2
• The adapters that you plan to use for your EtherChannel must not have an IP address configured on them before you start this procedure. When configuring an EtherChannel with adapters that were previously configured with an IP address, make sure that their interfaces are in the detach state.
• When the machine is rebooted, the underlying interface is configured before the EtherChannel, using the information found in the ODM.
• If you will be using 10/100 Ethernet adapters in the EtherChannel for AIX versions prior to AIX 5L version 5.2 with the 5200-03 Recommended Maintenance package, you may need to enable link polling on those adapters before you add them to the EtherChannel. Type smitty chgenet at the command line. Change the Enable Link Polling value to yes, and press Enter.
EtherChannel Options : Enable Alternate Address, Alternate Address
• If you set Enable Alternate Address to yes, specify the MAC address that you want to use here. The address you specify must start with 0x and be a 12-digit hexadecimal address (for example, 0x001122334455). Optional.
• If this option is not used, the MAC address is picked from the MAC addresses of the adapters in the same EtherChannel group.
• The MAC address of the EtherChannel can change if the Ethernet adapter whose MAC address is used for the EtherChannel is removed from the EtherChannel configuration.
Network adapters vs. interfaces
An interface is the “software structure” that uses the corresponding network device through the network device driver. The TCP/IP stack sees only the network interface for data traffic, and the network device driver is called through this interface structure.
If an EtherChannel is defined, a new interface and device driver are created on top of the existing network device driver structure. From the user's point of view, a new network interface that looks the same as any other network interface is created and becomes available.
[Figure labels: interface, ifnet(); network device driver, ndd()]
Hardware (MAC) address of an EtherChannel
The MAC address of the EtherChannel device is chosen from one of the devices that belong to it. Usually the EtherChannel sets its MAC address to that of its first adapter. Once decided, the MAC address is not changed until that device is removed from the EtherChannel. In other words, the MAC address of the EtherChannel can change at run time.
An alternate MAC address can also be used for the EtherChannel device. You can easily set up the EtherChannel device with a MAC address of your own choosing, but be careful not to use one that is already in use in the same network.
[Figure labels: interface, ifnet(); network device driver, ndd(); MAC addresses 00.04.AC.3E.5A.57 (shown four times) and 00.04.AC.3E.5A.61]
EtherChannel Options : Mode – Standard Mode
• This is the default operation mode.
• The Hash Mode value determines which data value is fed into this algorithm. For example, if the Hash Mode is “standard”, it will use the packet’s destination IP address. If this is 10.10.10.11 and there are 4 adapters in the EtherChannel, (11/4)=2 and remainder 3, so the fourth adapter is used (the adapters are numbered starting from 0). The adapters are numbered in the order they are listed in the SMIT menu.
EtherChannel Options : Hash Mode
EtherChannel Options : Mode – round_robin
• The EtherChannel will rotate through the adapters, giving each adapter one packet before repeating.
• It will make the best use of its bandwidth. If you choose the round_robin mode, leave the Hash Mode value as default.
Packets will be evenly distributed among the adapters in the same EtherChannel group. The packets may be sent out in a slightly different order than they were given to the EtherChannel, but it will make the best use of its bandwidth.
[Figure: Packet 1, Packet 2, Packet 3 and Packet 4 distributed across the adapters]
EtherChannel Options : Mode – round_robin
• All outgoing traffic is spread evenly across all of the adapters in the EtherChannel. It provides the highest bandwidth optimization for the AIX server system.
• While round-robin distribution is the ideal way to use all of the links equally, consider that it also introduces the potential for out-of-order packets at the receiving system.
• In general, round_robin mode is ideal for back-to-back connections running jumbo frames. In this environment, there is no intervening switch, so there is no chance that processing at the switch could alter the packet delivery time, order, or adapter path.
EtherChannel Options : Mode – netif_backup (1) - Overview
• This option is available only in AIX 5.1 and AIX 4.3.3. In this mode, the EtherChannel will activate only one adapter at a time.
• The intention is that the adapters are plugged into different Ethernet switches, each of which is capable of getting to any other machine on the subnet or network.
• In AIX 5.2 and later, you can configure multiple adapters in the primary EtherChannel and a backup adapter.
• This mode is the only one that makes use of the Internet Address to Ping, Number of Retries, and Retry Timeout fields.
EtherChannel Options : Mode – netif_backup (2) – Differences
Prior to AIX 5.2:
• There is no distinction between primary and backup channels. It just traverses all the adapters when the current primary channel fails.
• If the active channel fails, one of the remaining adapters starts to operate. There is no need to set up the switch for netif_backup.
• The “Address to Ping” feature is used for checking the network path to the corresponding router. If replies to the ping requests stop even though the adapter’s link status is active, the next adapter will be used, because it means the network path is inoperative.
After AIX 5.2:
• The explicit netif_backup mode has disappeared from the configuration panel. You can define multiple main adapters and only one backup adapter.
• If all the main adapters fail, the backup adapter is used for all traffic.
• The “Address to Ping” feature is used for checking the network path to the corresponding router. If replies to the ping requests stop even though the main adapters’ link status is active, the backup adapter will be used, because it means the network path is inoperative.
EtherChannel Options : Mode – netif_backup (3) - Recovery
• Lossless recovery : ensures that recovery from the backup adapter to the primary channel loses as few packets as possible.
• Before lossless recovery, EtherChannel or IEEE 802.3ad would recover to the primary channel at the same instant it detected the recovery of one of the primary adapters. In some cases, the adapter’s switch would not be in a state in which it could send or receive data, and some packets would get lost immediately after a recovery.
• With lossless recovery, the EtherChannel or IEEE 802.3ad adapter recovers to the primary channel only when it has been able to actually receive traffic on it. This ensures that the switch port is fully initialized and no packets get lost.
• Lossless failover : modifies the behavior of the lossless recovery feature.
  - When ping failures cause a failover, lossless recovery is observed by default. This involves a period of waiting until the inactive adapter’s switch receives traffic before finalizing the failover. If the noloss_failover attribute is set to no, however, ping failovers occur immediately.
EtherChannel Options : Mode – netif_backup (3) - Recovery
• Automatic Recovery : After a failover from the primary channel to the backup adapter, EtherChannel or IEEE 802.3ad Link Aggregation automatically starts a recovery to the primary channel that failed when at least one of its adapters recovers.
• This default behavior can be modified by setting the auto_recovery attribute to no. With this setting, the EtherChannel or IEEE 802.3ad Link Aggregation continues operating on the backup adapter after the failover.
• Forced failovers : EtherChannel or IEEE 802.3ad Link Aggregation can be forced to fail over from the primary channel to the backup adapter, or from the backup adapter to the primary channel.
• Forced failovers work only if there is a backup adapter defined, and if the inactive channel is up and running.
• To use this feature, enter smitty EtherChannel and select the Force A Failover In An EtherChannel / Link Aggregation option from the screen.
EtherChannel Options : Mode – IEEE 802.3ad
• This option enables the use of the IEEE 802.3ad Link Aggregation Control Protocol (LACP) for automatic link aggregation.
• Like EtherChannel, IEEE 802.3ad requires support in the switch.
EtherChannel Options : Mode – IEEE 802.3ad
• In IEEE 802.3ad, the Link Aggregation Control Protocol (LACP) automatically tells the switch which ports should be aggregated. When an IEEE 802.3ad aggregation is configured, Link Aggregation Control Protocol Data Units (LACPDUs) are exchanged between the server machine and the switch. LACP will let the switch know that the adapters configured in the aggregation should be considered as one on the switch without further user intervention.
• According to the IEEE 802.3ad specification, packets going to the same IP address are all sent over the same adapter. Thus, when operating in 8023ad mode, the packets will always be distributed in the standard fashion, never in a round-robin fashion.
• The backup adapter feature is available for IEEE 802.3ad Link Aggregations just as it is for EtherChannel. The backup adapter does not need to be connected to an IEEE 802.3ad-enabled switch, but if it is, the backup adapter will still follow the IEEE 802.3ad LACP.
Link Aggregation (802.3ad / EtherChannel) Configuration with Scenarios and steps
Lab configuration
[Diagram: switches sw3560b and sw3560a; hosts ronaldo and rooney. VLAN #1 (9.187.227.0/24): en2, 9.187.227.212 and en2, 9.187.227.213. VLAN #2 (192.168.1.0/24): en3, 192.168.1.100 and en3, 192.168.1.200, both links labelled EtherChannel.]
EtherChannel Configuration – rooney, ronaldo system (802.3ad)

    Change / Show Characteristics of an EtherChannel / Link Aggregation

    Type or select values in entry fields.
    Press Enter AFTER making all desired changes.

                                                      [Entry Fields]
      EtherChannel / Link Aggregation                 ent3
      Parent Adapter                                  NONE
      EtherChannel / Link Aggregation Adapters        ent0,ent1           +
      Backup Adapter                                  NONE                +
      Automatically Recover to Main Channel           yes                 +
      Perform Lossless Failover After Ping Failure    yes                 +
      Delete Backup Adapter                                               +
      Add Main Adapter                                                    +
      Delete Main Adapter                                                 +
      Add Backup Adapter                                                  +
      Enable Alternate Address                        no                  +
      Alternate Address                               [0x000000000000]    +
      Enable Gigabit Ethernet Jumbo Frames            no                  +
      Mode                                            8023ad              +
      Hash Mode                                       default             +
      Internet Address to Ping                        [0]
      Number of Retries                               [3]                 +#
      Retry Timeout (sec)                             [1]                 +#
      Apply change to DATABASE only                   no                  +
EtherChannel Configuration – sw3560a, b switch (802.3ad)

    sw3560b#sh run
    Building configuration...
    Current configuration : 2237 bytes
    !
    version 12.2
    ....
    port-channel load-balance dst-ip
    ....
    interface Port-channel1
     switchport access vlan 2
     switchport mode access
    ....
    interface GigabitEthernet0/11
     switchport access vlan 2
     switchport mode access
     lacp port-priority 1
     channel-group 1 mode passive
     spanning-tree portfast
    !
    interface GigabitEthernet0/12
     switchport access vlan 2
     switchport mode access
     lacp port-priority 1
     channel-group 1 mode passive
     spanning-tree portfast
    !
    ....

    sw3560a#sh run
    Building configuration...
    Current configuration : 2237 bytes
    !
    version 12.2
    ....
    port-channel load-balance dst-ip
    ....
    interface Port-channel1
     switchport access vlan 2
     switchport mode access
    ....
    interface GigabitEthernet0/11
     switchport access vlan 2
     switchport mode access
     lacp port-priority 1
     channel-group 1 mode passive
     spanning-tree portfast
    !
    interface GigabitEthernet0/12
     switchport access vlan 2
     switchport mode access
     lacp port-priority 1
     channel-group 1 mode passive
     spanning-tree portfast
    !
    ....
EtherChannel verify – entstat command (802.3ad)

    ETHERNET STATISTICS (ent0) :
    Device Type: IBM 10/100 Mbps Ethernet PCI Adapter (23100020)
    Hardware Address: 00:04:ac:3e:5a:57
    ....
    IEEE 802.3ad Port Statistics:
    -----------------------------
    Actor System Priority: 0x8000
    Actor System: 00-04-AC-3E-5A-57
    Actor Operational Key: 0xBEEF
    Actor Port Priority: 0x0080
    Actor Port: 0x0001
    Actor State:
        LACP activity: Active
        LACP timeout: Long
        Aggregation: Aggregatable
        Synchronization: IN_SYNC
        Collecting: Enabled
        Distributing: Enabled
        Defaulted: False
        Expired: False
    Partner System Priority: 0x8000
    Partner System: 00-19-06-69-8E-80
    Partner Operational Key: 0x0001
    Partner Port Priority: 0x0001
    Partner Port: 0x000B
    Partner State:
        LACP activity: Passive
        LACP timeout: Long
        Aggregation: Aggregatable
        Synchronization: IN_SYNC
        Collecting: Enabled
        Distributing: Enabled
        Defaulted: False
        Expired: False
    Received LACPDUs: 275
    Transmitted LACPDUs: 256
    Received marker PDUs: 0
    Transmitted marker PDUs: 0
    Received marker response PDUs: 0
    Transmitted marker response PDUs: 0
    Received unknown PDUs: 0
    Received illegal PDUs: 0

    # entstat -d ent3 | more
    -------------------------------------------------------------
    ETHERNET STATISTICS (ent3) :
    Device Type: IEEE 802.3ad Link Aggregation
    Hardware Address: 00:04:ac:3e:5a:57
    Elapsed Time: 0 days 2 hours 6 minutes 46 seconds
    ....
    ------------------------------------------------------------------
    Number of adapters: 2
    Operating mode: Standard mode (IEEE 802.3ad)
    IEEE 802.3ad Link Aggregation Statistics:
        Aggregation status: Aggregated
        Received LACPDUs: 549
        Transmitted LACPDUs: 512
        Received marker PDUs: 0
        Transmitted marker PDUs: 0
        Received marker response PDUs: 0
        Transmitted marker response PDUs: 0
        Received unknown PDUs: 0
        Received illegal PDUs: 0
    Hash mode: Destination IP address
    -------------------------------------------------------------
    ....
EtherChannel verify – CISCO 3560G switch (802.3ad)

    sw3560a#sh lacp internal
    Flags:  S - Device is requesting Slow LACPDUs
            F - Device is requesting Fast LACPDUs
            A - Device is in Active mode
            P - Device is in Passive mode

    Channel group 1
                                LACP port    Admin    Oper    Port      Port
    Port      Flags   State     Priority     Key      Key     Number    State
    Gi0/11    SP      bndl      1            0x1      0x1     0xB       0x3C
    Gi0/12    SP      bndl      1            0x1      0x1     0xC       0x3C

    sw3560a#sh EtherChannel detail
    Channel-group listing:
    ----------------------
    Group: 1
    ----------
    Group state = L2
    Ports: 2   Maxports = 16
    Port-channels: 1 Max Port-channels = 16
    Protocol: LACP
    Ports in the group:
    -------------------
    Port: Gi0/11
    ------------
    Port state    = Up Mstr Assoc In-Bndl
    Channel group = 1       Mode = Passive    Gcchange = -
    Port-channel  = Po1     GC   = -          Pseudo port-channel = Po1
    Port index    = 0       Load = 0x00       Protocol = LACP

    Flags:  S - Device is sending Slow LACPDUs
            F - Device is sending fast LACPDUs.
            A - Device is in active mode.
            P - Device is in passive mode.

    Local information:
                                LACP port    Admin    Oper    Port      Port
    Port      Flags   State     Priority     Key      Key     Number    State
    Gi0/11    SP      bndl      1            0x1      0x1     0xB       0x3C

    Partner's information:
                      LACP port                          Oper      Port      Port
    Port      Flags   Priority   Dev ID           Age    Key       Number    State
    Gi0/11    SA      128        0004.ac3e.5a57   23s    0xBEEF    0x1       0x3D

    Age of the port in the current state: 00d:02h:15m:49s
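The Port State values in the switch output above (0x3C for the local ports, 0x3D for the partner) are the LACP state octet, and they carry the same information as the Actor State / Partner State lines printed by entstat. The following added example, which is not part of the original slides, decodes that octet using the IEEE 802.3ad bit layout and checks one member link; the function names and the wording of the negative-case strings are this example's own.

```python
"""Decode the LACP port-state octet shown by the switch (added example)."""

# Bit layout of the Actor/Partner State octet in an LACPDU (IEEE 802.3ad).
STATE_BITS = (
    (0x01, "activity"),         # 1 = Active, 0 = Passive
    (0x02, "timeout"),          # 1 = Short (fast LACPDUs), 0 = Long (slow)
    (0x04, "aggregation"),      # 1 = Aggregatable
    (0x08, "synchronization"),  # 1 = in sync
    (0x10, "collecting"),
    (0x20, "distributing"),
    (0x40, "defaulted"),        # 1 = partner info is a default, not learned
    (0x80, "expired"),          # 1 = partner LACPDUs stopped arriving
)


def decode_state(value):
    """Return {flag_name: bool} for one state octet such as 0x3C."""
    if not 0 <= value <= 0xFF:
        raise ValueError("LACP state is a single octet")
    return {name: bool(value & mask) for mask, name in STATE_BITS}


def describe(value):
    """Render the octet with the labels entstat uses on the slide.
    Wording for the non-healthy values is this example's own (assumption)."""
    s = decode_state(value)
    return {
        "LACP activity": "Active" if s["activity"] else "Passive",
        "LACP timeout": "Short" if s["timeout"] else "Long",
        "Aggregation": "Aggregatable" if s["aggregation"] else "Individual",
        "Synchronization": "IN_SYNC" if s["synchronization"] else "OUT_OF_SYNC",
        "Collecting": "Enabled" if s["collecting"] else "Disabled",
        "Distributing": "Enabled" if s["distributing"] else "Disabled",
        "Defaulted": str(s["defaulted"]),
        "Expired": str(s["expired"]),
    }


def link_problems(local, partner):
    """List the reasons a member link is not carrying traffic; [] means healthy."""
    loc, par = decode_state(local), decode_state(partner)
    problems = []
    # Passive ports only answer LACPDUs, so at least one end must be active.
    if not (loc["activity"] or par["activity"]):
        problems.append("both ends passive: nobody initiates LACP")
    for side, s in (("local", loc), ("partner", par)):
        for flag in ("aggregation", "synchronization", "collecting", "distributing"):
            if not s[flag]:
                problems.append(f"{side} {flag} bit clear")
        for flag in ("defaulted", "expired"):
            if s[flag]:
                problems.append(f"{side} {flag} bit set")
    return problems


# Values taken from the `sh EtherChannel detail` output above.
SWITCH_PORT_STATE = 0x3C   # Gi0/11 local information
AIX_PARTNER_STATE = 0x3D   # Gi0/11 partner's information (the AIX adapter)

if __name__ == "__main__":
    for label, value in (("switch", SWITCH_PORT_STATE), ("AIX", AIX_PARTNER_STATE)):
        print(label, hex(value), describe(value))
    print("problems:", link_problems(SWITCH_PORT_STATE, AIX_PARTNER_STATE))
    # Constructed failure case: both sides configured passive.
    print("problems:", link_problems(0x3C, 0x3C))
```

Decoded this way, 0x3C matches the Partner State block in the entstat output (Passive, Long, IN_SYNC) and 0x3D matches the Actor State block (Active), so the two views of the link agree.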
EtherChannel Configuration – rooney, ronaldo system (standard)

    Change / Show Characteristics of an EtherChannel / Link Aggregation

    Type or select values in entry fields.
    Press Enter AFTER making all desired changes.

                                                      [Entry Fields]
      EtherChannel / Link Aggregation                 ent3
      Parent Adapter                                  NONE
      EtherChannel / Link Aggregation Adapters        ent0,ent1           +
      Backup Adapter                                  NONE                +
      Automatically Recover to Main Channel           yes                 +
      Perform Lossless Failover After Ping Failure    yes                 +
      Delete Backup Adapter                                               +
      Add Main Adapter                                                    +
      Delete Main Adapter                                                 +
      Add Backup Adapter                                                  +
      Enable Alternate Address                        no                  +
      Alternate Address                               [0x000000000000]    +
      Enable Gigabit Ethernet Jumbo Frames            no                  +
      Mode                                            standard            +
      Hash Mode                                       default             +
      Internet Address to Ping                        [0]
      Number of Retries                               [3]                 +#
      Retry Timeout (sec)                             [1]                 +#
      Apply change to DATABASE only                   no                  +
EtherChannel Configuration – sw3560a, b switch (standard)

    sw3560b#sh run
    Building configuration...
    Current configuration : 2237 bytes
    !
    version 12.2
    ....
    port-channel load-balance dst-ip
    ....
    interface Port-channel1
     switchport access vlan 2
     switchport mode access
    ....
    interface GigabitEthernet0/11
     switchport access vlan 2
     switchport mode access
     lacp port-priority 1
     channel-group 1 mode on
     spanning-tree portfast
    !
    interface GigabitEthernet0/12
     switchport access vlan 2
     switchport mode access
     lacp port-priority 1
     channel-group 1 mode on
     spanning-tree portfast
    !
    ....

    sw3560a#sh run
    Building configuration...
    Current configuration : 2237 bytes
    !
    version 12.2
    ....
    port-channel load-balance dst-ip
    ....
    interface Port-channel1
     switchport access vlan 2
     switchport mode access
    ....
    interface GigabitEthernet0/11
     switchport access vlan 2
     switchport mode access
     lacp port-priority 1
     channel-group 1 mode on
     spanning-tree portfast
    !
    interface GigabitEthernet0/12
     switchport access vlan 2
     switchport mode access
     lacp port-priority 1
     channel-group 1 mode on
     spanning-tree portfast
    !
    ....
Link Aggregation (802.3ad / EtherChannel) Performance and Throughput of EtherChannel
Performance of EtherChannel
• EtherChannel can’t increase the transmit speed of each link. It can only enlarge the network bandwidth between the Ethernet adapters and the switch ports or other Ethernet adapters.
[Figure: road analogy. Speed limit 100 km/h in both cases; number of passing cars 7000 cars/min versus 4000 cars/min.]
Performance of EtherChannel
• For a single TCP connection, EtherChannel gives no benefit. For total throughput, however, it can help, and it also greatly increases network availability.
• Non-disruptive capacity extension is possible through EtherChannel.
• Hash mode is critical to EtherChannel’s performance. It should be picked with care because each system has different traffic patterns. One system may have a lot of client systems, while another has a small number of client systems with many connection pairs among them.
• Usually, round_robin mode in the switch configuration is not the recommended one; dst_ip (default) and src_dst_port are good points to start.
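The following model is an added example, not code from the original slides or from AIX. It applies the rule given on the Standard Mode slide (last byte of the destination IP address modulo the number of adapters) to constructed traffic, and shows why one connection never uses more than one link and how the hash mode interacts with the traffic pattern. The src_dst_port rule used here (average of the two ports fed into the same algorithm) is an assumption that the slides do not state; the flows, ports and packet counts are constructed.

```python
"""Model of EtherChannel outgoing-adapter selection (added example, not AIX code)."""
from ipaddress import IPv4Address


def standard_hash(dst_ip, n_adapters):
    """Default hash mode as the slide describes it: last byte of the
    destination IP address modulo the adapter count (adapters start at 0)."""
    return (int(IPv4Address(dst_ip)) & 0xFF) % n_adapters


def src_dst_port_hash(src_port, dst_port, n_adapters):
    """ASSUMPTION, not stated on the page: average the two ports, then apply
    the same last-byte-modulo rule."""
    return (((src_port + dst_port) // 2) & 0xFF) % n_adapters


def distribute(flows, n_adapters, mode):
    """Return packets sent per adapter for flows given as
    (dst_ip, src_port, dst_port, packets)."""
    load = [0] * n_adapters
    next_rr = 0  # round_robin position, shared by every flow
    for dst_ip, src_port, dst_port, packets in flows:
        for _ in range(packets):
            if mode == "default":
                idx = standard_hash(dst_ip, n_adapters)
            elif mode == "src_dst_port":
                idx = src_dst_port_hash(src_port, dst_port, n_adapters)
            elif mode == "round_robin":
                idx, next_rr = next_rr, (next_rr + 1) % n_adapters
            else:
                raise ValueError(f"unknown mode: {mode}")
            load[idx] += 1
    return load


def busiest_share(load):
    """Fraction of all packets carried by the most loaded adapter."""
    total = sum(load)
    return max(load) / total if total else 0.0


# Constructed flows. The 192.168.1.x destinations are addresses from the lab
# diagrams; ports and packet counts are made up for the illustration.
ONE_CONNECTION = [("192.168.1.200", 32768, 5001, 1000)]
TWO_CONNECTIONS_ONE_PEER = [
    ("192.168.1.200", 32768, 5001, 1000),
    ("192.168.1.200", 32770, 5001, 1000),
]
TWO_PEERS = [
    ("192.168.1.200", 32768, 5001, 1000),
    ("192.168.1.201", 32770, 5001, 1000),
]
# Clients whose last octets are all even: the worst case for 2 adapters.
EVEN_CLIENTS = [(f"10.10.10.{h}", 40000 + h, 80, 100) for h in (10, 12, 14, 16)]

if __name__ == "__main__":
    print("slide example, adapter index:", standard_hash("10.10.10.11", 4))
    cases = (
        ("one connection", ONE_CONNECTION),
        ("two connections, one peer", TWO_CONNECTIONS_ONE_PEER),
        ("two peers", TWO_PEERS),
        ("even-numbered clients", EVEN_CLIENTS),
    )
    for name, flows in cases:
        for mode in ("default", "src_dst_port", "round_robin"):
            load = distribute(flows, 2, mode)
            print(f"{name:26} {mode:13} {load} busiest={busiest_share(load):.0%}")
```

Only round_robin spreads a single connection over both adapters, at the cost of possible reordering described earlier; with the default hash, two connections to the same peer still share one adapter.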
Simple test scenario “With FTP transmit”
[Diagram: switches sw3560b and sw3560a; hosts ronaldo and rooney. VLAN #1 (9.187.227.0/24): en2, 9.187.227.212 and en2, 9.187.227.213. VLAN #2 (192.168.1.0/24): en3, 192.168.1.100 and en3, 192.168.1.200, 192.168.1.201, both links labelled EtherChannel.]
Simple test scenario
• A simple FTP file transmission is used for the test.
• 3 files are transmitted sequentially.
• First, a single connection is used for transmission. Then, two FTP connections are used at the same time.
Simple test result – single connection
Simple test result – two connections
Simple test result
Transmit bandwidth (view from single connection)
Link Aggregation (802.3ad / EtherChannel) Dynamic Adapter Membership
Dynamic Adapter Membership
• Prior to AIX 5L version 5.2 with the 5200-03 Recommended Maintenance package, in order to add or remove an adapter from an EtherChannel, its interface first had to be detached, temporarily interrupting all user traffic.
• A main adapter or a backup adapter can be added or deleted dynamically. Also, all attributes except the jumbo frame flag can be changed dynamically.
• It’s possible to create a one-adapter EtherChannel. A one-adapter EtherChannel behaves like a regular adapter; however, should this adapter ever fail, it is possible to replace it at runtime without ever losing connectivity.
• Be careful: if you want to remove one of the main adapters from your EtherChannel, you have to delete the EtherChannel configuration on the switch side first. Otherwise, the EtherChannel may stop working.
MultiPath routing with Dead Gateway Detection Introduction to the routing table of AIX
TCP/IP Routing
• A route defines a path for sending packets through the internet network to an address on another network. It does not define the complete path, only the path segment from one host to a gateway that can forward packets to a destination.
Can you describe the routing table that the server with IP address 9.187.227.212 needs in order to communicate with all the subnets in this diagram?
[Network diagram labels: 9.187.216.0/24, 147.46.80.211/24, 9.187.215.111/24, 9.187.215.0/24, ROUTER, 147.46.80.0/24, 9.187.227.212/24, ROUTER, L2 Switch, Internet, L2 Switch, 9.187.227.0/24, 147.46.90.0/24, 9.187.227.213/24]
TCP/IP Routing

    9.187.227.0      9.187.227.212   UHSb    0      0   en2
    9.187.227/24     9.187.227.212   U       3    442   en2
    9.187.227.212    127.0.0.1       UGHS    4   1232   lo0
    9.187.227.255    9.187.227.212   UHSb    0     11   en2
    127/8            127.0.0.1       U       9   3234   lo0
    9.187.215.111    9.187.227.1     UGH     1     23   en2
    9.187.216.0/24   9.187.227.1     UG      3     33   en2
    147.46.80.0/24   9.187.227.1     UG      1    222   en2
    147.46.90.0/24   9.187.227.1     UG     22   4333   en2

• Host Route
• Network Route
• default Route
• loopback Route
• broadcast route
[Network diagram labels: 9.187.216.0/24, 147.46.80.211/24, 9.187.215.111/24, 9.187.215.0/24, ROUTER, 147.46.80.0/24, 9.187.227.212/24, ROUTER, L2 Switch, Internet, L2 Switch, 9.187.227.0/24, 147.46.90.0/24, 9.187.227.213/24]
Static vs. Dynamic Routing
• With static routing, you maintain the routing table manually using the route command. Static routing is practical for a single network communicating with one or two other networks. However, as your network begins to communicate with more networks, the number of gateways increases, and so does the amount of time and effort required to maintain the routing table manually.
• With dynamic routing, daemons update the routing table automatically. Routing daemons continuously receive information broadcast by other routing daemons, and so continuously update the routing table.
• TCP/IP of AIX provides two daemons for use in dynamic routing, the routed and gated daemons. The gated daemon supports RIP, RIPng, EGP, BGP and BGP4+, HELLO, OSPF, IS-IS, and ICMP and ICMPv6/Router Discovery routing protocols simultaneously. The routed daemon only supports RIP.
TCP/IP routing gateways
• Gateways are a type of router. Routers connect two or more networks and provide the routing function. Some routers, for example, route at the network interface level or at the physical level. Gateways, however, route at the network level.
• Gateways receive IP datagrams from other gateways or hosts for delivery to hosts on the local network, and route IP datagrams from one network to another.
• Gateways route packets according to the destination network, not according to the destination host.
MultiPath routing with Dead Gateway Detection Introduction to the MultiPath routing
MultiPath Routing
• If the routing table of AIX has two or more entries for the same destination network or host with equal cost, AIX regards those paths as basically the same except for the gateway address. (From AIX 5L version 5.1)
• Such duplicated routing entries with different gateway addresses are called “MultiPath Routing”. If the destination network or host is involved in MultiPath routing, AIX spreads the traffic across those gateways according to the mpr_policy.
• Prior to AIX 5L version 5.3, the policy can’t be changed and “Round-Robin” is the default value.
• After AIX 5L version 5.3, mpr_policy can be set through the no command and the route command. 5 policies are available: Weighted Round-Robin (1), Random (2), Weighted Random (3), Lowest Utilization (4), and Hash-based (5).
• The MultiPath routing feature can’t be turned off.
Quick view of MultiPath routing

    # netstat -rn
    Routing tables
    Destination      Gateway          Flags   Refs      Use  If   Exp  Groups
    Route Tree for Protocol Family 2 (Internet):
    default          192.168.1.2      UGA       0         0  en3    -    -   =>
    default          192.168.1.1      UGA       0         0  en3    -    -
    9/8              9.187.227.1      UG        1      5375  en2    -    -
    9.187.227.0      9.187.227.212    UHSb      0         0  en2    -    -   =>
    9.187.227/24     9.187.227.212    U         0   4142130  en2    -    -
    9.187.227.212    127.0.0.1        UGHS      0       127  lo0    -    -
    9.187.227.255    9.187.227.212    UHSb      0         4  en2    -    -
    127/8            127.0.0.1        U         4       148  lo0    -    -
    192.168.1.0      192.168.1.100    UHSb      0         0  en3    -    -   =>
    192.168.1/24     192.168.1.100    U         0   7274873  en3    -    -
    192.168.1.100    127.0.0.1        UGHS      0        24  lo0    -    -
    192.168.1.255    192.168.1.100    UHSb      0         4  en3    -    -
    Route Tree for Protocol Family 24 (Internet v6):
    ::1              ::1              UH        0         0  lo0    -    -

[Diagram labels: VLAN 2 : 192.168.1.1, VLAN 3 : 192.168.2.1; ronaldo 192.168.2.200/24; rooney 192.168.1.100/24; VLAN 2 : 192.168.1.2, VLAN 3 : 192.168.2.2]

    # netstat -rn
    Routing tables
    Destination      Gateway          Flags   Refs      Use  If   Exp  Groups
    Route Tree for Protocol Family 2 (Internet):
    9/8              9.187.227.1      UG        1      4029  en2    -    -
    9.187.227.0      9.187.227.213    UHSb      0         0  en2    -    -   =>
    9.187.227/24     9.187.227.213    U         0   1901742  en2    -    -
    9.187.227.213    127.0.0.1        UGHS      7       122  lo0    -    -
    9.187.227.255    9.187.227.213    UHSb      0         4  en2    -    -
    127/8            127.0.0.1        U         5       150  lo0    -    -
    192.168.1/24     192.168.2.1      UG        0         0  en3    -    -   =>
    192.168.1/24     192.168.2.2      UG        0         0  en3    -    -
    192.168.2.0      192.168.2.200    UHSb      0         0  en3    -    -   =>
    192.168.2/24     192.168.2.200    U         2         0  en3    -    -
    192.168.2.200    127.0.0.1        UGHS      0         0  lo0    -    -
    192.168.2.255    192.168.2.200    UHSb      0         0  en3    -    -
    Route Tree for Protocol Family 24 (Internet v6):
    ::1              ::1              UH        0         0  lo0    -    -

Each server has one MultiPath route. Rooney has 2 default routes and ronaldo has 2 static routes for the 192.168.1.0/24 network. We can easily verify the existence of MultiPath routing with the “=>” sign. It shows that there is another MultiPath routing entry in this routing table.
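In the netstat output above, “=>” also follows the 9.187.227.0 and 192.168.1.0 entries, whose next line has the same gateway, so a script that audits routing tables is safer grouping routes by destination and counting distinct gateways. The parser below is an added example, not part of the original slides; the sample tables are the slide's own rows laid out one route per line, and the function names are this example's own.

```python
"""Find MultiPath routes in AIX `netstat -rn` output (added example)."""

# rooney's table from the slide, one route per line.
ROONEY_NETSTAT = """\
Routing tables
Destination      Gateway          Flags   Refs      Use  If   Exp  Groups
Route Tree for Protocol Family 2 (Internet):
default          192.168.1.2      UGA       0         0  en3    -    -   =>
default          192.168.1.1      UGA       0         0  en3    -    -
9/8              9.187.227.1      UG        1      5375  en2    -    -
9.187.227.0      9.187.227.212    UHSb      0         0  en2    -    -   =>
9.187.227/24     9.187.227.212    U         0   4142130  en2    -    -
9.187.227.212    127.0.0.1        UGHS      0       127  lo0    -    -
9.187.227.255    9.187.227.212    UHSb      0         4  en2    -    -
127/8            127.0.0.1        U         4       148  lo0    -    -
192.168.1.0      192.168.1.100    UHSb      0         0  en3    -    -   =>
192.168.1/24     192.168.1.100    U         0   7274873  en3    -    -
192.168.1.100    127.0.0.1        UGHS      0        24  lo0    -    -
192.168.1.255    192.168.1.100    UHSb      0         4  en3    -    -
"""

# Excerpt of ronaldo's table from the slide (en3 routes only).
RONALDO_EXCERPT = """\
192.168.1/24     192.168.2.1      UG        0         0  en3    -    -   =>
192.168.1/24     192.168.2.2      UG        0         0  en3    -    -
192.168.2.0      192.168.2.200    UHSb      0         0  en3    -    -   =>
192.168.2/24     192.168.2.200    U         2         0  en3    -    -
"""


def parse_routes(text):
    """Return one dict per route line; headers and blank lines are skipped."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        chained = bool(fields) and fields[-1] == "=>"
        if chained:
            fields = fields[:-1]
        # A route line has numeric Refs and Use columns; header lines do not.
        if len(fields) < 6 or not (fields[3].isdigit() and fields[4].isdigit()):
            continue
        routes.append({
            "dest": fields[0], "gateway": fields[1], "flags": fields[2],
            "if": fields[5], "chained": chained,
        })
    return routes


def multipath_routes(routes):
    """Map destination -> gateways for destinations with 2+ distinct gateways."""
    by_dest = {}
    for r in routes:
        gateways = by_dest.setdefault(r["dest"], [])
        if r["gateway"] not in gateways:
            gateways.append(r["gateway"])
    return {dest: gws for dest, gws in by_dest.items() if len(gws) > 1}


def chained_but_single_path(routes):
    """Destinations printed with '=>' that are not MultiPath routes."""
    multipath = multipath_routes(routes)
    return [r["dest"] for r in routes if r["chained"] and r["dest"] not in multipath]


if __name__ == "__main__":
    for host, text in (("rooney", ROONEY_NETSTAT), ("ronaldo", RONALDO_EXCERPT)):
        routes = parse_routes(text)
        print(host, "multipath:", multipath_routes(routes))
        print(host, "'=>' without a second gateway:", chained_but_single_path(routes))
```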