Configuring cluster nodes for connectionless MNCs
You can improve the performance of connectionless MNCs, such as ip-lan or ip-wdp, by using logical IP interfaces.
Before you begin
Logical IP interfaces are a means of associating more than one IP address with a given physical interface. Using logical IP interfaces enables subordinate nodes to bypass the principal node when they send data to a mobile device or SafeLinx Client. This bypass improves response times and reduces the processing load on the principal node.
The principal and subordinate nodes must have the same connectivity path. That is, do not locate subordinate nodes behind a firewall and separated from the principal node.To configure a logical IP interface, add an alias on the network interface card of the principle node for a cluster address to receive traffic from your clients. This cluster address is also used to configure a logical IP interface on the subordinate node that is associated with the loopback interface. Then, you edit the properties of the MNC on the primary node to bind to this cluster address. This direct bind causes the MNC on the principal node to listen for data by using the cluster address. Finally, configure your clients so they use the cluster address to send data to the SafeLinx Server.
About this task
Procedure
-
Add the cluster address as an alias to the primary network interface card (NIC) on the computer
of the principle node. See the following table for the procedure that applies to your operating
system.
Operating system Procedure Linux™ From a command line, type the following command:
ip addr add 204.67.172.72/24 dev eth0
Where 204.67.172.72 is the cluster address, 24 is the subnet mask, and eth0 is the name of the physical NIC.
Windows™ - Click .
- Click Change adapter settings, right-click the network connection that you want to modify, and then click Properties.
- Click Internet Protocol Version 4 (TCP/IPv4) and then click Properties.
- Click Advanced.
- In the IP addresses group, click Add, specify the alias IP address and subnet mask, and then click Add.
- Set your operating system so that the network settings are persistent after a restart of the system.
-
On all subordinate nodes, ensure that the subordinate loopback device does not answer ARP
requests.
Here are two examples of how to accomplish this step on Linux™ distributions:
- Red Hat Enterprise Linux
-
- Make sure that you installed arptables.
- Flush the ARP table for all subordinate nodes by running the command:
arptable -F
- Run the following command to reset all the chains:
/etc/init.d/arptables_jf stop
- Drop ARP replies for the cluster address for inbound traffic:
/sbin/arptables -A IN -j DROP -d
204.67.172.72, where 204.67.172.72 is the cluster address. - Add mangle rule to the outbound chain:
/sbin/arptables -A OUT -j mangle -o eth0 -s
204.67.172.72--mangle-ip-s
204.67.172.72. Where 204.67.172.72 is the cluster address. - Save the ARP table:
/etc/init.d/arptables_jf save
- Verify that the settings were added to the ARP table:
arptables -L -n -v
- Activate the chain:
/etc/init.d/arptables_jf start
- Alias the cluster address to the loopback
adapter:
Where 204.67.172.72 is the cluster address.ip addr add 204.67.172.72/32 dev lo
- SuSE Linux Enterprise Server
-
- From a command line, type the following
commands:
sysctl -w net.ipv4.conf.all.hidden=1 sysctl -w net.ipv4.conf.lo.hidden=1
- Alias the cluster address to the loopback
adapter:
Where 204.67.172.72/32 is the cluster address.ip addr add 204.67.172.72/32 dev lo
- From a command line, type the following
commands:
- Modify the properties of the MNC on the principal node. On the Network page, click the Bind port to a specific address check box, then enter the cluster address in the Address to bind to field. If you decide to bind to a different network interface card on the computer, restart the SafeLinx Server to have the change take effect. You might also create an MNC to which you bind the different address of the card.
- Ensure that the clients are configured to use the cluster address to send data to the SafeLinx Server.