[Linux-ha-dev] Food for thought: add something like cutter to IPaddr2 (or portblock?) RA
florian.haas at linbit.com
Mon Oct 13 05:38:44 MDT 2008
inspired by a discussion with the SerNet guys at Linux Kongress last
week, here's a thought I'd like to poll comments on.
Clustered Samba (with ctdb) currently uses its own cluster manager. Part
of the reason for this seems to be that none of the available cluster
managers (Heartbeat and RHCS at the time of implementation) had support
for what the Samba guys call "tickle ACKs". See
http://tinyurl.com/4kul8z for an article discussing this.
In a nutshell, they have to solve the issue of a Windows client waiting
for a reply in an established TCP connection to an IP address that has
shifted from one node to another. In their implementation, IIUC, they
send this "tickle ACK", so the client responds with a correct TCP
sequence number, upon which they can then follow up with an RST, forcing
the client to re-establish the session. If they didn't do that, the
client would essentially wait for the session to time out. The same
issue may apply to other TCP-based services.
Now I wonder if one could add functionality to the IPaddr2 RA to achieve
in essence the same thing. Suppose that triggered by an optional
resource parameter, IPaddr2 would invoke a mechanism similar to the one
employed by cutter (http://www.lowth.com/cutter/) after IP address
takeover. In conjunction with a TCP connection state replication utility
such as conntrackd (http://conntrack-tools.netfilter.org/), this should
enable the RA to actively cut off TCP connections to that IP address,
forcing a client reconnect. Cutter itself will only work on forwarded
connections, so unless one wants to change cutter, I wonder whether a
different tool would be of better use.
I haven't tested this much myself, but wanted to see if there are any
drawbacks or obvious dead ends here that I didn't think of before I
start to do so. So I'm thankful for any and all comments.
P.S.: Maybe this is better suited for the portblock RA rather than
IPaddr2; the same considerations would apply.
: Florian G. Haas
: LINBIT Information Technologies GmbH
: Vivenotgasse 48, A-1120 Vienna, Austria
More information about the Linux-HA-Dev