6 Replies Latest reply: Jul 30, 2014 9:51 AM by ra*326096*ul RSS

    ipmp standby interface

    ra*326096*ul

      Hi

       

      I have a  probe based ipmp configured on the server running Solaris 10. I  notice that there is traffic flowing  from the standby interface . I was of teh impression that standby interface  is not used to route active traffic

      Particularly all the multicast requests to (224.0.0.35)  seem to be  going through the standby  interface  Want to know from experts if this is  normal behaviour

       

      Appreciate any inputs on this

       

      TIA

        • 1. Re: ipmp standby interface
          Wcichy -Oracle

          Hi,

           

          Standby IPMP interface if this is a probe-based (so marked as DEPRECATED, NOFAILOVER) should pass only ICMP Echo packets, so the probing.

           

          The 224.0.0.35 multicast IP seems to be some kind of cluster handshake.

           

          Can you share the output of # ifconfig -a, # netstat -gn and confirm that there is nothing else visible except the 224.0.0.35?

           

          Cheers,

          Wojciech

          • 2. Re: ipmp standby interface
            ra*326096*ul

            There seems to other traffic also going through this interface

            There are  requests  like  following apart from the ICMP probe

            ...NBT NS Query Request for PHLDOMC00[20], Succes.......

            .....(broadcast)  ARP C Who is........

            ........-> 224.0.0.35   UDP D=45566 S=56404 LEN=162...........

             

            Below is the output of ifconfig and netstat

             

            vnet0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2

                    inet 156.30.179.128 netmask fffffe00 broadcast 156.30.179.255

                    groupname main

                    ether 0:14:4f:fa:36:3b

            vnet0:1: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu 1500 index 2

                    inet 156.30.178.165 netmask fffffe00 broadcast 156.30.179.255

            vnet1: flags=69040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER,STANDBY,INACTIVE> mtu 1500 index 3

                    inet 156.30.178.166 netmask fffffe00 broadcast 156.30.179.255

                    groupname main

             

            ----------------------------------

            Group Memberships: IPv4

            Interface Group                RefCnt

            --------- -------------------- ------

            lo0       224.0.0.75               17

            lo0       224.0.0.1                 1

            vnet0     224.0.0.1                 1

            vnet0:1   224.0.0.75               17

            vnet0:1   224.0.0.1                 1

            vnet1     224.0.0.35               16

            vnet1     224.0.0.75               17

            vnet1     228.8.15.26               1

            vnet1     224.0.0.1                 1


            • 3. Re: ipmp standby interface
              Wcichy -Oracle

              Hi,

               

              Well, the most important thing is to determine if the traffic is inbound or outbound. Inbound traffic can happen, as you cannot block other machines to send broadcast or multicast frames over the wire, snoop will see that.

              Outbound traffic can also happen - ICMP probes, but any other possibility to have outbound traffic on DEPRECATED, NOFAILOVER, STANDBY and INACTIVE interface is to have an application(s) directly bound to that interface/IP address.

               

              Can you confirm if the visible traffic is inbound or outbound?

               

              Cheers,

              Wojciech

              • 4. Re: ipmp standby interface
                ra*326096*ul

                The  multicast  requests are both inbound and outbound . The below snoop output is from from ap01-prd but  the multicast packets seem to be routing  from  the standby interface in all these servers (ipmptest02)

                 

                -bash-3.00# snoop -P -d vnet0 |grep 224.0.0.35

                Using device vnet0 (non promiscuous)

                ^C

                -bash-3.00# snoop -P -d vnet1 |grep 224.0.0.35

                Using device vnet1 (non promiscuous)

                ap01-prd-ipmptest02 -> 224.0.0.35   UDP D=45566 S=54551 LEN=169

                ap01-prd-ipmptest02 -> 224.0.0.35   UDP D=45566 S=54548 LEN=167

                ap01-qa-ipmptest02 -> 224.0.0.35   UDP D=45566 S=56314 LEN=164

                ap01-qa-ipmptest02 -> 224.0.0.35   UDP D=45566 S=56404 LEN=304

                ap03-prd-ipmptest02-> 224.0.0.35   UDP D=45566 S=63371 LEN=344

                ap01-tst-ipmptest02-> 224.0.0.35   UDP D=45566 S=32880 LEN=307

                • 5. Re: ipmp standby interface
                  Wcichy -Oracle

                  The key to solve this riddle is to realize what kind of traffic is that.

                   

                  The 224.0.0.35 and UDP destination port 45566 points to some kind of Cluster. It might be a truth that the Cluster software is directly bound to that IP address/Interface.

                   

                  If the above is correct, it might be desired behavior.

                   

                  HTH,

                  Wojciech

                  • 6. Re: ipmp standby interface
                    Wcichy -Oracle

                    You may also want to change interfaces do the active one as standby, and standby as active and re-check the behavior.

                     

                     

                    Cheers,

                    Wojciech