Alias Defender

Clark Cooper

Meeting the demands of 24x7 system availability can sometimes be difficult. This article presents a simple application, which ensures that, between two systems, an alias IP stays active on your network for Solaris and RedHat 6.x Linux Systems. By ensuring that an alias IP is active on the network, you can increase the availability of a network resource.

The application is called Alias Defender and is a Perl script. The two systems that run Alias Defender have their own unique name and IP address. Clients wanting to access the network resource should connect to the alias IP. If the system running the alias IP goes down, Alias Defender will automatically configure the paired system with the alias IP. This ability to automatically transfer the alias IP during a downtime scenario will give the end user a perception that the network resource was only briefly down.

The availability of the alias IP is monitored via the Perl ping.pm module every 20 seconds (see Figure 1). If the alias IP is found not responding, then the ifconfig command is used to add the alias (see Figure 2). There are also conditions that must be met before an alias IP will be added (see Figure 3).

Given the limitations discussed below, Alias Defender will work best for network resources such as a proxy server where there is little or no local dynamic data. Though there are no physical equipment placement requirements, the two systems should reside on the same network.

What Is an Alias IP?

An alias IP is an additional IP address for which a system will answer. The following shows a system that will only answer for the single IP 172.16.1.1:

$ /usr/sbin/ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> \
   mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
spwr0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> \
   mtu 1500 
  index 2
        inet 172.16.1.1 netmask ffffff00 broadcast \
   172.16.1.255

Running ifconfig on a system configured with an alias IP will show a second interface. The following demonstrates this with an alias IP of 172.16.1.2. This system will answer for two IP addresses with one Ethernet card or interface installed. Note that because the alias IP resides on the primary interface sprw0, the interface name for the alias is sprw0:1:


$ /usr/sbin/ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
spwr0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 172.16.1.1 netmask ffffff00 broadcast 172.16.1.255
spwr0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 172.16.1.2 netmask ffffff00 broadcast 172.16.1.255

Requirements

Alias Defender has been tested on Solaris 2.6, Solaris 7, Solaris 8, and Red Hat 6.1. Perl 5.005_03 or higher (with the Net::Ping.pm module installed) is required. For Solaris systems, the best location to download Perl is: http://www.sunfreeware.com. The downloads there are built per-platform and appear to include the Net::Ping.pm module. The Red Hat Perl rpm also appears to include the Net::Ping.pm module.

Limitations

Alias Defender does not share or replicate data between the two systems. Thus, when the alias IP is transferred to the partner, data files are not transferred with the IP. The transfer may take up to 30 seconds to transfer. A default router setting on the system is required. This is used as a third-party check to ensure a false failover does not occur due to a network outage.

Installation and Configuration

Normal operation of Alias Defender should be handled with the init script (see “Init Script” section below). Both systems must have Alias Defender running. Use ifconfig -a to see the alias IP brought in or out of service. All Alias Defender operations are logged to the system log (/var/adm/messages or /var/log/messages).

There are three files for installation: AliasDefender, AliasDefender.pl, and hostname.alias (Listings 1-3). After downloading these files, do the following while running as root. (Listings for this article are available from: http://www.sysadminmag.com.)

-Init Script
   Solaris:
      cp AliasDefender /etc/init.d
      chmod 744 /etc/init.d/AliasDefender
      ln -s /etc/init.d/AliasDefender /etc/rc0.d/K02AliasDefender
      ln -s /etc/init.d/AliasDefender /etc/rc1.d/K02AliasDefender
      ln -s /etc/init.d/AliasDefender /etc/rc3.d/S99AliasDefender

   Linux:
      cp AliasDefender /etc/rc.d/init.d
      chmod 744 /etc/rc.d/init.d/AliasDefender
      ln -s /etc/rc.d/init.d/AliasDefender /etc/rc.d/rc0.d/K02AliasDefender
      ln -s /etc/rc.d/init.d/AliasDefender /etc/rc.d/rc1.d/K02AliasDefender
      ln -s /etc/rc.d/init.d/AliasDefender /etc/rc.d/rc3.d/S99AliasDefender


    -Application Script

         cp AliasDefender.pl /usr/local/lbin
chmod 744 /usr/local/lbin/AliasDefender.pl

If you do not want to install AliasDefender.pl to /usr/local/lbin, be sure to update the variable “ALIAS_DEFENDER” in the init script with the new path. Be sure that the path to Perl is correctly set at the top of AliasDefender.pl:

    -Configuration file
cp hostname.alias /etc

You will need to modify /etc/hostname.alias for proper function. The heading of this file should provide explanation of the field definitions.

Init Script

The init shell script is provided for automating the start/stop of Alias Defender during the bootup/shutdown process. You can manually start with the following:

Solaris:

# /etc/init.d/AliasDefender start

Linux:

# /etc/rc.d/init.d/AliasDefender start

Starting Alias Defender will create the following daemon:

  root  273  1  0 08:20:38 ?  0:00 /usr/bin/perl \
    /usr/local/lbin/AliasDefender.pl Monitor

Alias Defender Script

This Perl script should normally be called by the init script. This is the script that handles the monitoring, adding, and removing of the alias IP. For manual operation, the following parameters are allowed:

Usage: ./AliasDefender.pl { AddAlias [Alias IP] | Monitor | \
  RemoveAlias [Alias IP] }

AddAlias -- This will add ALL defined aliases:

# ./AliasDefender.pl AddAlias

This will add a single defined alias:

# ./AliasDefender.pl AddAlias 172.16.1.2

RemoveAlias -- This will remove ALL defined aliases:

# ./AliasDefender.pl RemoveAlias

This will remove a single defined alias:

# ./AliasDefender.pl RemoveAlias 172.16.1.2

Monitor -- This will create the monitoring daemon for ensuring the alias IP is active on the network. This is the parameter that is called by the init script:

# ./AliasDefender.pl Monitor

Configuration File

Alias Defender is configured with the file /etc/hostname.alias. Below is a sample configuration file:

#  Nic      The interface that is to be used as the alias.
#           This is determined by the interface to which
#           you want to bind the alias.  For instance, if the
#           primary interface is named "dnet0", then the interface
#           for the alias should be "dnet0:1".  Multiple alias
#           interfaces are supported and each should be unique.
#
#  Alias IP The alias IP to be defended between the two systems.
#
#  NetMask  The network mask of the Alias IP Address.
#
#  Partner  The opposite system in the pair.  Can be an IP or
#           host name that is defined in DNS or host file.    
#
#  Primary  Defines if this system is to act as the primary between
#           the two systems.  Only one system should be primary.  
#           By being primary, the system will activate the alias
#           even if the partner is active on the network.  A non-
#           primary system will not bring up the alias if the parter
#           is alive.  This is done to reduce any collisions during
#           the alias IP addition.
#
#     NOTE: Each field is separated by a "|".  This is required.
#
# Nic   | Alias IP   | NetMask       | Partner     | Primary
iprb1:1 | 172.16.1.2 | 255.255.255.0 | 172.16.1.5  | true
iprb1:2 | 172.16.1.3 | 255.255.255.0 | 172.16.1.5  | true

About the Author

Clark has worked as Systems Administrator and/or client support for 9 years. He is currently employed by VC3 Inc. and can be reached at: Clark.Cooper@vc3.com.