This site is now 100% read-only, and retired.

Making services easy to migrate: Virtual Addresses

Posted by Steve on Sat 1 Jan 2005 at 13:00

The Linux networking system allows one network card to have more than one IP address. This facility doesn't seem to be used very much but it's ideal for setting up services which you might wish to migrate to another host.

Generally speaking if you setup a new service you'll install it, and then create a new name in DNS to refer to it.

For example if you setup a chat server you might create a new hostname "chat" to refer to it.

Or if you setup a mail server for use by your company you might name the host smtp.company.com.

But what happens when you want to move the service to a new host?

Well in some cases, such as the mail server, you don't really care if some people are using the old service and some are on the new one - you just update DNS to make the name point to your replacement machine and don't really care if some clients still have the old information.

When it comes to a chat server though everybody should be on the same server, otherwise they won't see each other. So waiting for DNS updates to propogate is something that you wish to avoid.

One solution is to install a firewall and use "destination NATting" (DNAT) to redirect packets to your new host when they are addressed to your old one. But a simpler approach is to install the service on a virtual IP address to start with, then simple move that.

Under Linux network cards are numbered and are refered to by names such as eth0 for the first, and eth1 for the second.

But each device can have more than one address, such as eth0:1 for the first virtual address, or eth0:2 for the second.

Networking in Debian sets up addresses in /etc/network/interfaces.

The following shows that we have one IP address:

# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)

# The loopback interface
auto lo
iface lo inet loopback

# This machine's NIC
auto eth0
iface eth0 inet static
        address 192.168.1.50
        netmask 255.255.255.0
        gateway 192.168.1.1

This shows that we have one network interface eth0 which has a static IP address of 192.168.1.50.

We can add another address to the machine too, such as 192.168.1.60 by adding the following:

# Virtual Address
auto eth0:1
iface eth0:1 inet static
        address 192.168.1.60
        netmask 255.255.255.0

Make this active by running "/etc/init.d/networking restart" and you will have two IP addresses.

These can be seen by running /sbin/ifconfig:

root@undecided:/etc/network# ifconfig 
eth0      Link encap:Ethernet  HWaddr 00:0A:E6:EE:A7:7F  
          inet addr:192.168.1.50  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4323793 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4074519 errors:247 dropped:0 overruns:0 carrier:247
          collisions:19683 txqueuelen:1000 
          RX bytes:3197838762 (2.9 GiB)  TX bytes:1175758869 (1.0 GiB)
          Interrupt:11 Base address:0xe400 

eth0:1    Link encap:Ethernet  HWaddr 00:0A:E6:EE:A7:7F  
          inet addr:192.168.1.60  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:11 Base address:0xe400 

Both of these IP addresses are pingable, routable, and usable.

So what has this given us? Well it allows us to install a service which will bind itself to the new 192.168.1.60 address, (which we are presumably going to add as an entry in the DNS system), and be usable.

When we wish to move the service to another host we don't have to worry about updating DNS, or having people use the hardcoded IP address. Instead we simple move the IP address to another host.

On a new machine create a new virtual entry with the same address, and then remove it from the current machine. Voila, the service is moved!

No downtime, no waiting for DNS propogation, and no worries that people will be stuck.

 

 


DNS propogation
Posted by Serge (213.224.xx.xx) on Sat 1 Jan 2005 at 23:22
[ View Weblogs ]
It seemed this issues are primarily noted as problems through dns propagation.

I'd just like to note that using proper TTL's in the DNS zone (considering one has detailed control over his dns zone) can easily solve this issue as well. Lower the record TTL for the related hostname to a couple of hours days before the ligration, and lower it further to say 15 minutes during the hours before the switch to even 1-5 minutes during the hour you switch over. It won't be as perfect of course, but probably good enough.

This is especially handy when one is hosting services on public ip addresses, where public IP's are more rare.

It's probably also me having bad feelings over virtual ip addressing - which are in fact caused by the way Windows NT badly handles those...

*ducks* Serge van Ginderachter

[ Parent ]

I guess that's true
Posted by Steve (82.41.xx.xx) on Sun 2 Jan 2005 at 15:24
[ View Weblogs ]

I guess that's true, if you start using new addresses for each service such as www, smtp, pop3, imap then you can move them without having to worry about DNS at all.

I know the traditional approach to moving DNS is to drop the time to live (TTL) but I've had bad experiences in the past with Windows machines caching DNS information unnecessarily.

For many services, as I mention, it doesn't matter if you have some people using a new address and some an old, but for things like chat it's really important that everybody changes at the same time.

(One minor annoyence is somethings that ARP caches get confused and you have to flush them, but that's not a big deal on a LAN, and doesn't seem to apply when using public IPs).

Steve
-- Steve.org.uk

[ Parent ]

Virtual Address Names
Posted by Jamie (203.96.xx.xx) on Mon 3 Jan 2005 at 10:37
I've noticed that you can use short (4 char) names as well as numbers i.e. eth0:chat eth0:mail eth0:web etc. You can use longer than 4 char but ifconfig shows no more than this. This may or may not be a useful tip. :-) jamie

[ Parent ]

Interesting
Posted by Steve (82.41.xx.xx) on Mon 3 Jan 2005 at 11:11
[ View Weblogs ]

That's very interesting, and something I'd not seen documented anywhere.

Thanks for the tip!

Steve
-- Steve.org.uk

[ Parent ]

Re: Making services easy to migrate: Virtual Addre
Posted by cuco (195.28.xx.xx) on Tue 3 May 2005 at 20:10
Isn't using eth0:1 obsolete? I use ip a a 192.168.1.1/24 brd + dev eth0. However I haven't found a way for the second IP to "survive" a reboot ;(

[ Parent ]

Re: Making services easy to migrate: Virtual Addre
Posted by Steve (82.41.xx.xx) on Tue 3 May 2005 at 20:20
[ View Weblogs ]

I've not seen it documented anywhere that this is obsolete, and using the aliases in /etc/network/interfaces does persist across reboots.... Steve
-- Steve.org.uk

[ Parent ]

using ip command persistently
Posted by mnp (71.242.xx.xx) on Wed 6 Jul 2005 at 03:39
this creates two ip addresses on one network card
auto eth0
iface eth0 inet static
        address 10.2.3.4
        broadcast 10.2.3.255
        netmask 255.255.255.0
        gateway 10.2.3.1
        up   ip addr add 10.2.3.5/24 dev eth0
        down ip addr del 10.2.3.5/24 dev eth0

[ Parent ]

Re: using ip command persistently
Posted by Anonymous (212.55.xx.xx) on Wed 6 Jul 2005 at 06:41
Uh, hadn't thought of that at all! Good idea, an even "cleaner" way would be to create script(s) in /etc/network/if-{up,down}.d/ directories.

[ Parent ]

Re: using ip command persistently
Posted by Anonymous (69.17.xx.xx) on Wed 6 Jul 2005 at 12:38
btw, you also need to have the "iproute" package installed.

[ Parent ]

Re: using ip command persistently
Posted by ptecza (193.0.xx.xx) on Fri 2 Sep 2005 at 14:09
Hi!

I've tried your advice. It seems that it works.
However, I have one question to you. How can I
check all IP addresses for eth0 interface?
Unfortunately ifconfig shows me only first of them,
configured by 'address' keyword.

My best regards!

P.

[ Parent ]

Re: using ip command persistently
Posted by ptecza (193.0.xx.xx) on Fri 2 Sep 2005 at 15:52
I've found out that `ip a` shows it.

P.

[ Parent ]

RX and TX packets (bytes) for eth0:1 interface
Posted by ptecza (193.0.xx.xx) on Fri 2 Sep 2005 at 10:24
Hello Steve!

Is it way to check RX and TX packets (bytes) also for
eth0:1 interface?

Best regards!

P.

[ Parent ]

Re: RX and TX packets (bytes) for eth0:1 interface
Posted by Steve (82.41.xx.xx) on Fri 2 Sep 2005 at 13:35
[ View Weblogs ]

No, they don't appear to be available seperately.

Steve
-- Steve.org.uk

[ Parent ]

Re: RX and TX packets (bytes) for eth0:1 interface
Posted by ptecza (193.0.xx.xx) on Fri 2 Sep 2005 at 13:53
What a pity... Thank you very much for your reply!

Have a nice day! :)

P.

[ Parent ]

Re: Making services easy to migrate: Virtual Addresses
Posted by Anonymous (69.181.xx.xx) on Wed 26 Apr 2006 at 03:29
Does anybody know what kind of performance hit this causes? How does it scale with n IP addresses?

[ Parent ]

Re: Making services easy to migrate: Virtual Addresses
Posted by Anonymous (201.235.xx.xx) on Mon 11 Sep 2006 at 03:40
I�m trying this in my box to avoid downtime during the dns propagation in an ip change scenario (my DC is changing his ips).

Anyone knows if this is going to bring any problems with sendmail?

I�m hosting both ip and name based sites

thanks in advance!

[ Parent ]

Re: Making services easy to migrate: Virtual Addresses
Posted by Anonymous (213.165.xx.xx) on Fri 13 Feb 2009 at 13:33
Does Anyone know why my xen (domU/guest/virtual) machine does NOT have any ethX ?
How can I create the eth0 so I can have an IP address?
I also do not know what happened to all my NICs under my Host machine? I used to have 20 items under ifconfig but now I only have lo, dummy0, eth0 , eth1 and xenbr0. (I think this is my problem which have no idea where it came from??)

I have edited and edited my xen config file under /etc/xen/ but to no avail?!

when I use vif = in my config file the xen wont even boot (xm create -c).returns a vif creation fail.!




Any ideas would be appreciated.
I am new to Linux so thanks for your patience...
Regards;
Mehdi


[ Parent ]