-1

I have a virtual private cloud running on 10.0.0.x. In this network two machines share a virtual IP to provide HA and connection to the internet via aaa.bbb.ccc.164. Their configs are:

Proxy1:

eth0:0    inet addr:aaa.bbb.ccc.164  Bcast:aaa.bbb.ccc.255  Mask:255.255.255.0
eth1      inet addr:10.0.0.10  Bcast:10.0.0.255  Mask:255.255.255.0

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         aaa.bbb.ccc.1   0.0.0.0         UG    100    0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1
aaa.bbb.ccc.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0

Proxy2:

eth0      Link encap:Ethernet  HWaddr da:00:07:b0:97:c7
          inet addr:aaa.bbb.ccc.26  Bcast:aaa.bbb.ccc.255  Mask:255.255.255.0
eth1      Link encap:Ethernet  HWaddr aa:01:41:b0:97:c7
          inet addr:10.0.0.50  Bcast:10.0.0.255  Mask:255.255.255.0

In this example Proxy1 holds the Virtual IP.

So behind these proxies, a couple of servers exist. At this moment the default gateway is statically configured to Proxy2, but when this one is unavailable, the internet can't be reached.

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.50       0.0.0.0         UG    100    0        0 eth1
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1

So, I want them to route to the outside world via the virtual IP address. What will be the best way to accomplish this?

  • What are you using to manage the virtual IP on the other side (.164)? Can you not use the same mechanism on the 10.X.X.X side to make a virtual default gateway for the servers? The only slightly more tricky part is making sure that in scenarios where the virtual IP has switched from one proxy to the other (say a network failure on a NIC) the virtual IP on the other network switches over as well. – Jeremy Gibbons Jan 31 '16 at 10:25
  • I'm using heartbeat as described [here](https://www.digitalocean.com/community/tutorials/how-to-create-a-high-availability-setup-with-heartbeat-and-floating-ips-on-ubuntu-14-04) but I didn't follow this example. Maybe that's a possible solution, but I'll have to investigate that. Perhaps there are easier solutions like routing outgoing traffic to the external (virtual) network/IP. – Emiel Lohr Jan 31 '16 at 11:41
  • The page you indicated has a rather deceptive diagram at the top, as it really only deals with two servers sharing one IP (your proxies) but doesn't deal with any servers behind them. There are links at the bottom of the page for more advanced approaches (e.g. keepalived) or else you can probably make this work by adapting the approach they describe to do two assign-ip steps, one for the public IP, one for the 10.X.X.X IP facing the app servers. – Jeremy Gibbons Jan 31 '16 at 11:55
  • It is not clear to me what you are trying to do. The question makes no mention of any NAT being used in your network. However, there are a few details in your question which make me suspect that you are using NAT, and just forgot to mention it. So you should make it clear whether any NAT is involved. Keeping state in sync between two NAT devices is not easy to get right, so I would recommend other options. – kasperd Feb 05 '16 at 12:19
  • @kasperd: I'm not using NAT. Which part of the question makes you suspect that? – Emiel Lohr Feb 10 '16 at 08:36
  • @kasperd: What I'm trying to do is create a highly available cluster, accessible via a shared IP. This is working from the outside world to this cluster, but the way back to the outside world is not handled. So I've been trying to change the routing from the 10.0.0.x network to the world via the shared IP address, but failed to get this to work. – Emiel Lohr Feb 10 '16 at 08:43
  • @EmielLohr The question suggests you are using RFC 1918 addresses and want to communicate with the outside world. That would imply that you are using NAT. If that is not the case, I recommend you clarify the question. – kasperd Feb 10 '16 at 09:05

1 Answer

0

What are you using to manage the virtual IP on the other side (.164)? Can you not use the same mechanism on the 10.X.X.X side to make a virtual default gateway for the servers? The only slightly more tricky part is making sure that in scenarios where the virtual IP has switched from one proxy to the other (say a network failure on a NIC) the virtual IP on the other network switches over as well. – Jeremy Gibbons Jan 31 at 10:25

This is what did the trick for me.
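
One way to build the paired virtual IPs described in this answer, using keepalived (mentioned in the comments) instead of heartbeat. This is an added example, not part of the original post: the internal gateway address 10.0.0.1, the router IDs, the priorities and the instance names are assumptions, and it only moves the two addresses; forwarding on the proxies stays whatever Proxy2 already does as the current gateway.

```conf
# /etc/keepalived/keepalived.conf on Proxy1 (constructed example).
# Proxy2 gets the same file with a lower priority (e.g. 100) in both instances.
# Assumes VRRP multicast works on both segments of the VPC.

# Tie the public and internal instances together: if either one faults
# (for example a NIC failure on eth1), both virtual IPs move to the peer,
# so the servers' gateway always sits on the proxy holding the public IP.
vrrp_sync_group GATEWAY {
    group {
        VI_PUBLIC
        VI_INTERNAL
    }
}

vrrp_instance VI_PUBLIC {
    state BACKUP                # highest priority wins the election
    interface eth0
    virtual_router_id 51        # assumed; must be unique on this segment
    priority 150                # assumed
    advert_int 1
    virtual_ipaddress {
        aaa.bbb.ccc.164/24 dev eth0 label eth0:0
    }
}

vrrp_instance VI_INTERNAL {
    state BACKUP
    interface eth1
    virtual_router_id 52        # assumed
    priority 150                # assumed
    advert_int 1
    virtual_ipaddress {
        10.0.0.1/24 dev eth1    # assumed free address; the servers' new default gateway
    }
}

# VRRP advertisements are unauthenticated here, and keepalived's
# "auth_type PASS" sends its password in clear text. Restrict VRRP
# (IP protocol 112) with firewall rules so that only the two proxies
# can exchange it on each interface.
```

The servers behind the proxies then replace their static default route via 10.0.0.50 with one via the internal virtual IP.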