Fixing NIC bonding failover problems in VirtualBox


How to fix failover that does not work properly in VirtualBox even though bonding is configured


Even inside VirtualBox, you can configure several eth interfaces and build a redundant setup with CentOS Linux bonding.


In the VM used here, eth1 and eth2 were bonded, and the adapters were placed on the host network to reduce the influence of external networks.


The commonly known bonding configuration was applied as follows.


/etc/sysconfig/network-scripts/ifcfg-bond0

DEVICE=bond0

IPADDR=169.254.192.222

NETMASK=255.255.255.0

GATEWAY=169.254.192.1

ONBOOT=yes

BOOTPROTO=none

USERCTL=no

BONDING_OPTS="mode=1 miimon=100"


/etc/sysconfig/network-scripts/ifcfg-eth1

DEVICE=eth1

BOOTPROTO=none

ONBOOT=yes

MASTER=bond0

SLAVE=yes

USERCTL=no

 

/etc/sysconfig/network-scripts/ifcfg-eth2

DEVICE=eth2 

BOOTPROTO=none

ONBOOT=yes

MASTER=bond0

SLAVE=yes

USERCTL=no


Running service network restart completed the redundant bonding configuration.


After starting a ping to the gateway, I disconnected the cable of the eth interface set as master on the VM.


cat /proc/net/bonding/bond0

Bonding Mode: fault-tolerance (active-backup)

Primary Slave: None

Currently Active Slave: eth2

MII Status: up

MII Polling Interval (ms): 1000

Up Delay (ms): 0

Down Delay (ms): 0


Slave Interface: eth1

MII Status: down

Link Failure Count: 1

Permanent HW addr: 08:00:27:12:e1:91


Slave Interface: eth2

MII Status: up

Link Failure Count: 0

Permanent HW addr: 08:00:27:49:9b:91


As the status above shows, the active link of bond0 failed over from eth1 to eth2.


The problem, however, is that the moment it fails over to eth2, bond0's network is cut off... Only the reported status looks normal; the actual network is in a failed state.


Searching on Google showed that an additional bonding option had to be set.


Setting fail_over_mac to 1 solves the problem.

BONDING_OPTS="mode=1 miimon=100 fail_over_mac=1"


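fail_over_mac is an option that makes the MAC address of the eth interface that was previously active carry over as-is when a failover occurs.
In production, the MAC of the previously active interface is kept as-is on failover so that the switch does not have to go through its learning process.
Redundancy normally works fine without the fail_over_mac setting, so I am not sure why this problem occurs only in VirtualBox.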


Below is the related HP document.

http://support.hp.com/th-en/document/c02695249

Red Hat Enterprise Linux - What is the fail_over_mac Bonding Option?

Information
In active backup bonding mode, the mac address of the bond interface is typically set to that of the first active slave interface. The bonding option fail_over_mac can change this behavior. It is set in the BONDING_OPTS parameter in the /etc/sysconfig/network-scripts/ifcfg-bondx file.
Details
The original default behavior is to set all slaves to the same mac address as that of the first active slave interface. But if the fail_over_mac is specified, it can be one of three settings: none which is the default setting "none", the other two are "active" or "follow".
none or 0:
This setting disables fail_over_mac, and causes bonding to set all slaves of an active-backup bond to the same MAC address at enslavement time. This is the default, and original behavior.
active or 1:
The "active" fail_over_mac policy indicates that the MAC address of the bond should always be the MAC address of the currently active slave. The MAC address of the slaves is not changed; instead, the MAC address of the bond changes during a failover.
This policy is useful for devices that cannot ever alter their MAC address, or for devices that refuse incoming broadcasts with their own source MAC (which interferes with the ARP monitor).
The down side of this policy is that every device on the network must be updated via gratuitous ARP, vs. just updating a switch or set of switches (which often takes place for any traffic, not just ARP traffic, if the switch snoops incoming traffic to update its tables) for the traditional method. If the gratuitous ARP is lost, communication may be disrupted.
When this policy is used in conjunction with the mii monitor, devices which assert link up prior to being able to actually transmit and receive are particularly susceptible to loss of the gratuitous ARP, and an appropriate updelay setting may be required.
An appropriate updelay setting may also be required if the switch has a forward delay period that might prevent the gratuitous ARP from being forwarded.
follow or 2:
The "follow" fail_over_mac policy causes the MAC address of the bond to be selected normally (normally the MAC address of the first slave added to the bond). However, the second and subsequent slaves are not set to this MAC address while they are in a backup role; a slave is programmed with the bond's MAC address at failover time (and the formerly active slave receives the newly active slave's MAC address).
This policy is useful for multiport devices that either become confused or incur a performance penalty when multiple ports are programmed with the same MAC address. Some switch security features such as the Cisco switch port security may have to be configured so that the mac address moving to another port does not trigger a security lockout.
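
Under the "active" policy described in the HP document, the bond's MAC should equal the permanent MAC of the currently active slave after a failover. The script below is an added example, not part of the original post or the HP document: it parses the bonding status text and checks that condition. The function names are hypothetical, and the sample status is the /proc/net/bonding/bond0 output shown earlier in the post.

```shell
# Added example (not from the original post); function names are hypothetical.
# Sample status: the /proc/net/bonding/bond0 output shown earlier in the post.
sample_bond_status() {
cat <<'EOF'
Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: eth2
MII Status: up

Slave Interface: eth1
MII Status: down
Link Failure Count: 1
Permanent HW addr: 08:00:27:12:e1:91

Slave Interface: eth2
MII Status: up
Link Failure Count: 0
Permanent HW addr: 08:00:27:49:9b:91
EOF
}

# Print "<active slave> <its permanent MAC>"; fail if there is no active slave.
bond_active_mac() {
    awk -F': ' '
        /^Currently Active Slave:/ { active = $2 }
        /^Slave Interface:/        { slave = $2 }
        /^Permanent HW addr:/      { mac[slave] = $2 }
        END {
            if (active == "" || active == "None" || !(active in mac)) exit 1
            print active, mac[active]
        }' "$1"
}

# Print every slave whose MII Status is not "up" (skips the bond-level line).
bond_failed_slaves() {
    awk -F': ' '
        /^Slave Interface:/ { slave = $2 }
        /^MII Status:/ && slave != "" && $2 != "up" { print slave }' "$1"
}

# Return 0 when the bond MAC ($2) equals the active slave's permanent MAC,
# which is the state fail_over_mac=1 (active) should produce after a failover.
check_failover_mac() {
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    info=$(bond_active_mac "$1") || return 2
    [ "${info#* }" = "$want" ]
}
# Real host: check_failover_mac /proc/net/bonding/bond0 "$(cat /sys/class/net/bond0/address)"
```

A non-zero result after a failover means bond0 is still presenting a MAC other than the active slave's own, which is the state in which the VM above lost connectivity.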
