On Wed, Sep 9, 2009 at 4:08 AM, Jakov Sosic <jakov.sosic@xxxxxxx> wrote:
On Tue, 8 Sep 2009 17:34:11 -0500
Alan A <alan.zg@xxxxxxxxx> wrote:
> It has come to the point where our cluster production configuration
> has halted due to the unexpected issues with multicasting on LAN/WAN.
>
> The problem is that the firewall enabled on the switch ports does not
> support multicasting, and between cluster nodes and the routers lies
> a firewall.
>
> Nodes -> Switch with integrated Firewall devices -> Router
>
> We are aware of problems encountered with Cisco switches and are
> trying to clear some things. For instance in RHEL Knowledgebase
> article 5933 it states:
>
> *The recommended method is to enable multicast routing for a given
> vlan so that the Catalyst will act as the IGMP querier. This consists
> of the following steps:*
>
> 1. *Enabling multicast on the switch globally*
> 2. *Choosing the vlan the cluster nodes are using*
> 3. *Turning on PIM routing for that subnet*
>It seems that I was right with my diagnostics :D
>
> My Questions:
>
> Can we enable PIM routing on the Server NIC itself without using
> dedicated network device? Meaning IGMP multicast would be managed by
> the NICs themselves from each node, can the nodes' awareness function
> this way?
>
> Any suggestions on how to get around firewall issue without purchasing
> firewalls with routing tables?
>
> Cisco switch model is: switch 6509 running 12.2(18) SXF and IGMP v2.
Why don't you create a VLAN with private subnet addresses, in for example
10.0.0.0/8, and allow PIM on that VLAN, and trunk it with regular
wlan that you use now? And then configure RHCS to heartbeat over
this new private VLAN with enabled PIM? You wouldn't need the firewall
because the VLAN would be used only for cluster communication, and it
could be fully isolated. It does not need to be routed at all - because
heartbeat packages go only between nodes. So no external access to that
VLAN would be enabled. It's perfectly safe.
If you need help on configuring either Cisco 6500 or RHEL for VLAN
trunking please ask. Take a look at 802.1Q standard to understand the
issue:
http://en.wikipedia.org/wiki/IEEE_802.1Q
--
| Jakov Sosic | ICQ: 28410271 | PGP: 0x965CAE2D |
=================================================================
| start fighting cancer -> http://www.worldcommunitygrid.org/ |
--
Linux-cluster mailing list
Linux-cluster@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/linux-cluster
--
Alan A.
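The switch side of the dedicated heartbeat VLAN proposed in the thread, following the three steps quoted from the Knowledgebase article, as an added example that is not taken from either poster or from the article itself. The VLAN IDs (10 for the existing VLAN, 100 for the heartbeat VLAN), the 10.0.100.0/24 subnet, the interface name and the choice of sparse-dense PIM mode are all assumptions for illustration.

```cisco
! Step 1: enable multicast routing on the switch globally
ip multicast-routing
!
! Step 2: the VLAN the cluster nodes use for heartbeat
! (VLAN 100 and its name are assumed values)
vlan 100
 name CLUSTER-HB
!
! Step 3: turn on PIM for that subnet so the Catalyst acts as IGMP querier.
! The SVI gives the switch an address inside the heartbeat VLAN; the
! address below is an assumed value from private 10.0.0.0/8 space.
interface Vlan100
 description cluster heartbeat only
 ip address 10.0.100.1 255.255.255.0
 ip pim sparse-dense-mode
 no shutdown
!
! Node-facing port: 802.1Q trunk carrying the existing VLAN (assumed 10)
! plus the heartbeat VLAN. The explicit allowed list keeps every other
! VLAN off this port and keeps VLAN 100 off ports where it is not listed.
interface GigabitEthernet1/1
 description node1
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,100
```

On each RHEL node the matching tagged interface is an `ifcfg-eth0.100` file containing `VLAN=yes` and a static address in the same subnet, and the cluster node names should resolve to those addresses so heartbeat traffic uses that interface.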