Solaris IPMP配置

先解釋一下什麼是IPMP

IP網絡多路徑(IP networkmultipathing, IPMP)爲在同一IP鏈路上具有多個接口的系統提供物理接口故障檢測和透明網絡訪問故障轉移功能。IPMP還爲具有多個接口的系統提供了包負荷分配。通過IPMP，可以將一個或多個物理接口配置到IP多路徑組（IPMP組）中。配置IPMP後，系統將自動監視IPMP組中的接口是否出現故障。由於IPMP的工作原理，感覺這種方式有點浪費IP，而且配置比較麻煩，我還是比較喜歡SUSE LINUS下進行兩個綁定就可以實現的方式，簡單又方便，不會浪費IP，呵呵~~

IPMP是通過ICMP的請求應答（常說的PING）來判定接口有沒有出現故障的。通常先將需要互做備份的接口加入到同一個IPMP組中，然後需要在接口上各配置一個測試IP（這就是浪費IP的地方了......），測試IP就是用來PING默認網關的，如果網關有應答消息，則說明接口沒有故障，否則說明接口有故障，會將業務IP切換到備用接口上，備用接口代替原接口工作，原來接口故障恢復後會自動再切回去。下面是我做實驗的一個實際例子，我是在虛擬機上做的實驗，

IPMP組名 aa

192.168.100.222 業務IP

192.168.100.223 網卡1的測試IP

192.168.100.224 網卡2的測試IP

192.168.100.102 默認網關

網卡的配置如下：

# more hostname.e1000g0

192.168.100.222 group aa netmask 255.255.255.0 broadcast 192.168.100.255 up \

addif 192.168.100.223 deprecated -failover netmask 255.255.255.0 broadcast 192.1

68.100.255 up

# more hostname.e1000g1  

192.168.100.224 group aa netmask 255.255.255.0 broadcast 192.168.100.255 depreca

ted -failover standby up

# 

解釋一下，由於第二個接口是配置成待機接口，因此不配置業務IP，只配置測試IP，很明顯，當第一個接口出現故障時，業務ＩＰ會轉移到第二個接口上的某個子接口上，不過子接口可以看作是一個實在物理接口，所以不會影響業務使用；

addif 表示爲接口添加子接口，在這裏是指要在子接口上配置測試IP；

deprecated 指表示測試地址不用於外發包，防止應用程序使用該IP；

-failover 表示在接口出現故障時測試地址不進行故障轉移；

standby 將接口標記爲待機接口；

此時如果在主機上抓包，可以看到192.168.100.223和224在不停的發送ICMP Echo request給192.168.100.102

# snoop 192.168.100.102

Using device /dev/e1000g (promiscuous mode)

     e1000g1 -> 192.168.100.102 ICMP Echo request (ID: 35075 Sequence number: 1381)

192.168.100.102 -> e1000g1      ICMP Echo reply (ID: 35075 Sequence number: 1381)

     e1000g0 -> 192.168.100.102 ICMP Echo request (ID: 35074 Sequence number: 1283)

192.168.100.102 -> e1000g0      ICMP Echo reply (ID: 35074 Sequence number: 1283)

     e1000g1 -> 192.168.100.102 ICMP Echo request (ID: 35075 Sequence number: 1382)

192.168.100.102 -> e1000g1      ICMP Echo reply (ID: 35075 Sequence number: 1382)

     e1000g1 -> 192.168.100.102 ICMP Echo request (ID: 35075 Sequence number: 1383)

192.168.100.102 -> e1000g1      ICMP Echo reply (ID: 35075 Sequence number: 1383)

     e1000g0 -> 192.168.100.102 ICMP Echo request (ID: 35074 Sequence number: 1284)

192.168.100.102 -> e1000g0      ICMP Echo reply (ID: 35074 Sequence number: 1284)

     e1000g1 -> 192.168.100.102 ICMP Echo request (ID: 35075 Sequence number: 1384)

192.168.100.102 -> e1000g1      ICMP Echo reply (ID: 35075 Sequence number: 1384)

     e1000g0 -> 192.168.100.102 ICMP Echo request (ID: 35074 Sequence number: 1285)

192.168.100.102 -> e1000g0      ICMP Echo reply (ID: 35074 Sequence number: 1285)

說明兩個網卡都是正常的，所以業務IP會出現在e1000g0的子接口上

# ifconfig -a

lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1

        inet 127.0.0.1 netmask ff000000 

e1000g0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2

        inet 192.168.100.222 netmask ffffff00 broadcast 192.168.100.255

        groupname aa

        ether 0:c:29:8c:c1:2c 

e1000g0:1: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu 1500 index 2

        inet 192.168.100.223 netmask ffffff00 broadcast 192.168.100.255

e1000g1: flags=69040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER,STANDBY,INACTIVE> mtu 1500 index 3

        inet 192.168.100.224 netmask ffffff00 broadcast 192.168.100.255

        groupname aa

        ether 0:c:29:8c:c1:36 

# 

接下來，把e1000g0 down掉，在虛擬機中實現很簡，在vmware上將第一塊網卡斷連就可以了，當然也可以用命令if_mpadm -d e1000g0將網卡強制failover

再抓包看看

# snoop 192.168.100.102

Using device /dev/e1000g (promiscuous mode)

     e1000g1 -> 192.168.100.102 ICMP Echo request (ID: 35075 Sequence number: 1665)

192.168.100.102 -> e1000g1      ICMP Echo reply (ID: 35075 Sequence number: 1665)

     e1000g1 -> 192.168.100.102 ICMP Echo request (ID: 35075 Sequence number: 1666)

192.168.100.102 -> e1000g1      ICMP Echo reply (ID: 35075 Sequence number: 1666)

     e1000g1 -> 192.168.100.102 ICMP Echo request (ID: 35075 Sequence number: 1667)

192.168.100.102 -> e1000g1      ICMP Echo reply (ID: 35075 Sequence number: 1667)

     e1000g1 -> 192.168.100.102 ICMP Echo request (ID: 35075 Sequence number: 1668)

192.168.100.102 -> e1000g1      ICMP Echo reply (ID: 35075 Sequence number: 1668)

     e1000g1 -> 192.168.100.102 ICMP Echo request (ID: 35075 Sequence number: 1669)

192.168.100.102 -> e1000g1      ICMP Echo reply (ID: 35075 Sequence number: 1669)

     e1000g1 -> 192.168.100.102 ICMP Echo request (ID: 35075 Sequence number: 1670)

192.168.100.102 -> e1000g1      ICMP Echo reply (ID: 35075 Sequence number: 1670)

     e1000g1 -> 192.168.100.102 ICMP Echo request (ID: 35075 Sequence number: 1671)

192.168.100.102 -> e1000g1      ICMP Echo reply (ID: 35075 Sequence number: 1671)

     e1000g1 -> 192.168.100.102 ICMP Echo request (ID: 35075 Sequence number: 1672)

192.168.100.102 -> e1000g1      ICMP Echo reply (ID: 35075 Sequence number: 1672)

192.168.100.102 -> e1000g1      ICMP Echo reply (ID: 35075 Sequence number: 1673)

     e1000g1 -> 192.168.100.102 ICMP Echo request (ID: 35075 Sequence number: 1673)

     e1000g1 -> 192.168.100.102 ICMP Echo request (ID: 35075 Sequence number: 1674)

192.168.100.102 -> e1000g1      ICMP Echo reply (ID: 35075 Sequence number: 1674)

只有e1000g1在向192.168.100.102發送ICMP Echo reply了

# ifconfig -a

lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1

        inet 127.0.0.1 netmask ff000000 

e1000g0: flags=19000842<BROADCAST,RUNNING,MULTICAST,IPv4,NOFAILOVER,FAILED> mtu 0 index 2

        inet 0.0.0.0 netmask 0 

        groupname aa

        ether 0:c:29:8c:c1:2c 

e1000g0:1: flags=19040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER,FAILED> mtu 1500 index 2

        inet 192.168.100.223 netmask ffffff00 broadcast 192.168.100.255

e1000g1: flags=29040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER,STANDBY> mtu 1500 index 3

        inet 192.168.100.224 netmask ffffff00 broadcast 192.168.100.255

        groupname aa

        ether 0:c:29:8c:c1:36 

e1000g1:1: flags=21000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,STANDBY> mtu 1500 index 3

        inet 192.168.100.222 netmask ffffff00 broadcast 192.168.100.255

# 

此時，192.168.100.222已經在e1000g1上去了

現在將第一張網卡恢復，會發現192.168.100.222又回到e1000g0上去了，說明故障恢復後，IPMP會將業務IP切換到已恢復的接口上

# snoop 192.168.100.102  

Using device /dev/e1000g (promiscuous mode)

     e1000g0 -> 192.168.100.102 ICMP Echo request (ID: 35074 Sequence number: 1743)

192.168.100.102 -> e1000g0      ICMP Echo reply (ID: 35074 Sequence number: 1743)

     e1000g1 -> 192.168.100.102 ICMP Echo request (ID: 35075 Sequence number: 1841)

192.168.100.102 -> e1000g1      ICMP Echo reply (ID: 35075 Sequence number: 1841)

     e1000g0 -> 192.168.100.102 ICMP Echo request (ID: 35074 Sequence number: 1744)

192.168.100.102 -> e1000g0      ICMP Echo reply (ID: 35074 Sequence number: 1744)

     e1000g1 -> 192.168.100.102 ICMP Echo request (ID: 35075 Sequence number: 1842)

192.168.100.102 -> e1000g1      ICMP Echo reply (ID: 35075 Sequence number: 1842)

^C# ifconfig -a

lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1

        inet 127.0.0.1 netmask ff000000 

e1000g0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2

        inet 192.168.100.222 netmask ffffff00 broadcast 192.168.100.255

        groupname aa

        ether 0:c:29:8c:c1:2c 

e1000g0:1: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu 1500 index 2

        inet 192.168.100.223 netmask ffffff00 broadcast 192.168.100.255

e1000g1: flags=69040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER,STANDBY,INACTIVE> mtu 1500 index 3

        inet 192.168.100.224 netmask ffffff00 broadcast 192.168.100.255

        groupname aa

        ether 0:c:29:8c:c1:36 

# 

如果還有不清楚的，可以去sun網站上下些資料看看，http://docs.sun.com

當然在做實驗中也遇到些問題，有個問題到現在都還沒有解決，我最開始是將虛擬機的默認網關指向vmnet1的，vmnet1的網卡IP是192.168.100.1，但是實驗怎麼都不成功，後來抓包才發現原來是隻有PING請求，沒有應答，在自己電腦上對vmnet1抓包也可以看得到PING請求，只是我的電腦沒有響應，汗~~~電腦防PING了，檢查防火牆是關掉的，將360關了，只有個NOD32還在。。。這玩藝兒關不掉，只能禁用實時保護，結果還是不行。。我最後只能又啓一臺虛擬機192.168.100.102才做完實驗，這個問題，還請高手們賜教

Solaris我也不是很熟，還在探討中，可能其中有些地方理解得不對，還請高手們指教，先謝了