.\" Title: ctdbd
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-.\" Date: 03/18/2009
+.\" Date: 03/19/2009
.\" Manual:
.\" Source:
.\"
-.TH "CTDBD" "1" "03/18/2009" "" ""
+.TH "CTDBD" "1" "03/19/2009" "" ""
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
There are two ways to solve this problem\. The first is by assigning a static ip address for one public interface on every node which will allow every node to be able to route traffic to the public network even if there are no public addresses assigned to the node\. This is the simplest way but it uses up a lot of ip addresses since you have to assign both static and also public addresses to each node\.
.SS "NAT\-GW"
.PP
-A second way is to use the built in NAT\-GW feature in CTDB\. With NAT\-GW only one extra address is required for the entire cluster instead of one address per node\.
+A second way is to use the built in NAT\-GW feature in CTDB\. With NAT\-GW only one extra address is required for the entire cluster instead of one address per node\. This extra address is dedicated to traffic that originates from the cluster and is destined for the external network\.
.PP
In NAT\-GW one of the nodes in the cluster is designated the NAT Gateway through which all traffic that is originated in the cluster will be routed through if the public addresses are not available\.
.SS "Configuration"
# to use NAT MASQUERADING for all traffic from the internal private network
# to the external network\. This node is the NAT\-GW node\.
#
-# All other nodes are set up with policy routing so that all traffic with
-# a source address of the private network and a destination outside of
-# the private network are instead routed through the NAT\-GW node\.
+# All other nodes are set up with a default rote with a metric of 10 to point
+# to the nat\-gw node\.
#
# The effect of this is that only when a node does not have a public address
-# or a route to the external network will the node use the private address
-# as the source address and only then will it use the policy routing
-# through the NAT\-GW\.
-# As long as a node has a public address and can route to the external network
-# the node will always pick the public address as the source address and NAT\-GW
-# routing will not be used\.
-#NATGW_PUBLIC_IP=10\.0\.0\.227/24
-#NATGW_PUBLIC_IFACE=eth0
-#NATGW_DEFAULT_GATEWAY=10\.0\.0\.1
-#NATGW_PRIVATE_IFACE=eth1
-#NATGW_PRIVATE_NETWORK=10\.1\.1\.0/24
+# and thus no proper routes to the external world it will instead
+# route all packets through the nat\-gw node\.
+#
+# NATGW_PUBLIC_IP=10\.0\.0\.227/24
+# NATGW_PUBLIC_IFACE=eth0
+# NATGW_DEFAULT_GATEWAY=10\.0\.0\.1
+# NATGW_PRIVATE_IFACE=eth1
+# NATGW_PRIVATE_NETWORK=10\.1\.1\.0/24
.fi
.RE
.PP
The NAT\-GW node is assigned the NATGW_PUBLIC_IP to the designated interface and the provided default route\. The NAT\-GW is configured to act as a router and to masquerade all traffic it receives from the internal private network and which is destined to the external network(s)\.
.PP
-All other nodes are configured with policy routing so that all outgoing packets that have a source ip address belonging to the private network (which means they are not routable from the public network) are instead sent on to the designated NAT\-GW host instead of using the normal routing table\.
+All other nodes are configured with a default route of metric 10 pointing to the designated NAT GW node\.
.PP
This is implemented in the 11\.natgw eventscript\. Please see the eventscript for further information\.
.SH "SEE ALSO"
</p><div class="refsect2" lang="en"><a name="id2529493"></a><h3>NAT-GW</h3><p>
A second way is to use the built in NAT-GW feature in CTDB.
With NAT-GW only one extra address is required for the entire cluster
- instead of one address per node.
+ instead of one address per node. This extra address is dedicated
+ to traffic that originates from the cluster and is destined for the
+ external network.
</p><p>
In NAT-GW one of the nodes in the cluster is designated the NAT Gateway
through which all traffic that is originated in the cluster will be
- routed through if the public addresses are not available.
- </p></div><div class="refsect2" lang="en"><a name="id252951
2"></a><h3>Configuration</h3><p>
+ routed through if the public addresses are not available.
+ </p></div><div class="refsect2" lang="en"><a name="id252951
4"></a><h3>Configuration</h3><p>
NAT-GW is configured in /etc/sysconfig/ctdb by setting the following
variables:
</p><pre class="screen">
# to use NAT MASQUERADING for all traffic from the internal private network
# to the external network. This node is the NAT-GW node.
#
-# All other nodes are set up with policy routing so that all traffic with
-# a source address of the private network and a destination outside of
-# the private network are instead routed through the NAT-GW node.
+# All other nodes are set up with a default rote with a metric of 10 to point
+# to the nat-gw node.
#
# The effect of this is that only when a node does not have a public address
-# or a route to the external network will the node use the private address
-# as the source address and only then will it use the policy routing
-# through the NAT-GW.
-# As long as a node has a public address and can route to the external network
-# the node will always pick the public address as the source address and NAT-GW
-# routing will not be used.
-#NATGW_PUBLIC_IP=10.0.0.227/24
-#NATGW_PUBLIC_IFACE=eth0
-#NATGW_DEFAULT_GATEWAY=10.0.0.1
-#NATGW_PRIVATE_IFACE=eth1
-#NATGW_PRIVATE_NETWORK=10.1.1.0/24
- </pre></div><div class="refsect2" lang="en"><a name="id2529559"></a><h3>NATGW_PUBLIC_IP</h3><p>
+# and thus no proper routes to the external world it will instead
+# route all packets through the nat-gw node.
+#
+# NATGW_PUBLIC_IP=10.0.0.227/24
+# NATGW_PUBLIC_IFACE=eth0
+# NATGW_DEFAULT_GATEWAY=10.0.0.1
+# NATGW_PRIVATE_IFACE=eth1
+# NATGW_PRIVATE_NETWORK=10.1.1.0/24
+ </pre></div><div class="refsect2" lang="en"><a name="id2529555"></a><h3>NATGW_PUBLIC_IP</h3><p>
This is an ip address in the public network that is used for all outgoing
traffic when the public addresses are not assigned.
This address will be assigned to one of the nodes in the cluster which
will masquerade all traffic for the other nodes.
</p><p>
Format of this parameter is IPADDRESS/NETMASK
- </p></div><div class="refsect2" lang="en"><a name="id24761
34"></a><h3>NATGW_PUBLIC_IFACE</h3><p>
+ </p></div><div class="refsect2" lang="en"><a name="id24761
28"></a><h3>NATGW_PUBLIC_IFACE</h3><p>
This is the physical interface where the NATGW_PUBLIC_IP will be
assigned to. This should be an interface connected to the public network.
</p><p>
Format of this parameter is INTERFACE
- </p></div><div class="refsect2" lang="en"><a name="id24761
50"></a><h3>NATGW_DEFAULT_GATEWAY</h3><p>
+ </p></div><div class="refsect2" lang="en"><a name="id24761
44"></a><h3>NATGW_DEFAULT_GATEWAY</h3><p>
This is the default gateway to use on the node that is elected to host
the NATGW_PUBLIC_IP. This is the default gateway on the public network.
</p><p>
Format of this parameter is IPADDRESS
- </p></div><div class="refsect2" lang="en"><a name="id247616
6"></a><h3>NATGW_PRIVATE_IFACE</h3><p>
+ </p></div><div class="refsect2" lang="en"><a name="id247616
0"></a><h3>NATGW_PRIVATE_IFACE</h3><p>
This is the interface used for the interal private network.
</p><p>
Format of this parameter is INTERFACE
- </p></div><div class="refsect2" lang="en"><a name="id24761
80"></a><h3>NATGW_PRIVATE_NETWORK</h3><p>
+ </p></div><div class="refsect2" lang="en"><a name="id24761
74"></a><h3>NATGW_PRIVATE_NETWORK</h3><p>
This is the network/netmask used for the interal private network.
</p><p>
Format of this parameter is IPADDRESS/NETMASK
- </p></div><div class="refsect2" lang="en"><a name="id24761
94"></a><h3>Operation</h3><p>
+ </p></div><div class="refsect2" lang="en"><a name="id24761
88"></a><h3>Operation</h3><p>
When the NAT-GW fiunctionality is used, one of the nodes is elected
to act as a NAT router for all the other nodes in the cluster when
they need to originate traffic to the external public network.
to act as a router and to masquerade all traffic it receives from the
internal private network and which is destined to the external network(s).
</p><p>
- All other nodes are configured with policy routing so that all outgoing
- packets that have a source ip address belonging to the private network
- (which means they are not routable from the public network) are instead
- sent on to the designated NAT-GW host instead of using the normal
- routing table.
+ All other nodes are configured with a default route of metric 10 pointing
+ to the designated NAT GW node.
</p><p>
This is implemented in the 11.natgw eventscript. Please see the
eventscript for further information.
- </p></div></div><div class="refsect1" lang="en"><a name="id24762
30"></a><h2>SEE ALSO</h2><p>
+ </p></div></div><div class="refsect1" lang="en"><a name="id24762
21"></a><h2>SEE ALSO</h2><p>
ctdb(1), onnode(1)
<a class="ulink" href="http://ctdb.samba.org/" target="_top">http://ctdb.samba.org/</a>
- </p></div><div class="refsect1" lang="en"><a name="id24762
43"></a><h2>COPYRIGHT/LICENSE</h2><div class="literallayout"><p><br>
+ </p></div><div class="refsect1" lang="en"><a name="id24762
34"></a><h2>COPYRIGHT/LICENSE</h2><div class="literallayout"><p><br>
Copyright (C) Andrew Tridgell 2007<br>
Copyright (C) Ronnie sahlberg 2007<br>
<br>
<para>
A second way is to use the built in NAT-GW feature in CTDB.
With NAT-GW only one extra address is required for the entire cluster
- instead of one address per node.
+ instead of one address per node. This extra address is dedicated
+ to traffic that originates from the cluster and is destined for the
+ external network.
</para>
<para>
In NAT-GW one of the nodes in the cluster is designated the NAT Gateway
through which all traffic that is originated in the cluster will be
- routed through if the public addresses are not available.
+ routed through if the public addresses are not available.
</para>
</refsect2>
# to use NAT MASQUERADING for all traffic from the internal private network
# to the external network. This node is the NAT-GW node.
#
-# All other nodes are set up with policy routing so that all traffic with
-# a source address of the private network and a destination outside of
-# the private network are instead routed through the NAT-GW node.
+# All other nodes are set up with a default rote with a metric of 10 to point
+# to the nat-gw node.
#
# The effect of this is that only when a node does not have a public address
-# or a route to the external network will the node use the private address
-# as the source address and only then will it use the policy routing
-# through the NAT-GW.
-# As long as a node has a public address and can route to the external network
-# the node will always pick the public address as the source address and NAT-GW
-# routing will not be used.
-#NATGW_PUBLIC_IP=10.0.0.227/24
-#NATGW_PUBLIC_IFACE=eth0
-#NATGW_DEFAULT_GATEWAY=10.0.0.1
-#NATGW_PRIVATE_IFACE=eth1
-#NATGW_PRIVATE_NETWORK=10.1.1.0/24
+# and thus no proper routes to the external world it will instead
+# route all packets through the nat-gw node.
+#
+# NATGW_PUBLIC_IP=10.0.0.227/24
+# NATGW_PUBLIC_IFACE=eth0
+# NATGW_DEFAULT_GATEWAY=10.0.0.1
+# NATGW_PRIVATE_IFACE=eth1
+# NATGW_PRIVATE_NETWORK=10.1.1.0/24
</screen>
</refsect2>
internal private network and which is destined to the external network(s).
</para>
<para>
- All other nodes are configured with policy routing so that all outgoing
- packets that have a source ip address belonging to the private network
- (which means they are not routable from the public network) are instead
- sent on to the designated NAT-GW host instead of using the normal
- routing table.
+ All other nodes are configured with a default route of metric 10 pointing
+ to the designated NAT GW node.
</para>
<para>
This is implemented in the 11.natgw eventscript. Please see the
git.samba.org / sahlberg / ctdb.git / commitdiff