Thursday, 27 March 2014

Vyatta Cluster

Have you ever tried vyatta?

Vyatta is an open source network operating system providing advanced IPv4 and IPv6 routing, stateful firewalling, IPSec and SSL OpenVPN, and more.

So basically it's the software you want when it comes to running your own core router or firewall. The configuration style is pretty close to Juniper's. It has a great structure and very good autocomplete. There are two versions available: an open-source one that is free to use, and of course an enterprise version.

Now let's assume that you have your two machines installed. The installation is quite easy: you can run it from CD, log in with user "vyatta" and password "vyatta", and type

install image

There is a short text interface which asks you some questions. Right after that you can reboot the system and enjoy the basics. Let's start with configuring the network.
Let's say that our two machines will run with the IPs and , and we want to have on both machines as a failover address between the two. For now we don't think about which service will use this address, as it could be anything from IPsec to outbound NAT.

set interfaces ethernet eth0 address <x.x.x.x/x>

is the command you use to set these addresses.
Now we set up a Vyatta cluster with the following commands (the numbers in parentheses are just for my documentation):

set cluster group myfirstcluster (1)
set cluster group myfirstcluster primary 'first-router' (2)
set cluster group myfirstcluster secondary 'second router' (3)
set cluster group myfirstcluster service '' (4)
set cluster group myfirstcluster monitor '' (5)
set cluster interface 'eth0' (6)
set cluster keepalive-interval '2000' (6)
set cluster dead-interval '10000' (7)
set cluster pre-shared-secret '!somesecret!' (8)

So what do we do here?
In (1) we just name our cluster, so the instance will be "myfirstcluster".
In (2) and (3) we define the primary and secondary system; please set them to the names you have given your systems.
In (4) we set the service IP, so here we say that we want the IP on interface eth0 to be the IP of the cluster instance.
(5) just adds a monitor to the system. Whenever one node can't reach the other node, it checks whether the monitor is reachable; if not, the node will not take over the service IP, as it seems that the machine itself has a problem. You can add as many monitor nodes as you want.
In (6) we select eth0 as the cluster interface and define the keepalive interval, i.e. how often keepalive packets are sent; here it is set to 2000 ms.
(7) is the dead interval: how many ms we wait before we assume the other node is dead.
And in (8) we of course need a password, as we don't want another node to shut down our system.

Basically you do this on both machines.
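As an added example (not from the original post), here is a small Python helper that produces the same set of commands for both nodes from one parameter set and sanity-checks them first: the two node names differ, the service IP lies inside eth0's subnet and is not one of the node addresses, the dead-interval exceeds the keepalive-interval, and the pre-shared secret is not trivially short. The node names, addresses and secret used in the call are constructed placeholders.

```python
import ipaddress


def build_cluster_config(group, node_addrs, primary, secondary, iface,
                         service_ip, monitors, keepalive_ms, dead_ms, secret):
    """Return {node_name: [commands]} for both cluster members.

    node_addrs maps each node name to its own eth0 address in CIDR form.
    The 'set cluster ...' lines are identical on both nodes; only the
    interface address differs. Raises ValueError with all problems found.
    """
    problems = []
    if primary == secondary or set(node_addrs) != {primary, secondary}:
        problems.append("primary and secondary must be two different configured nodes")
    svc = ipaddress.ip_address(service_ip)
    for name, cidr in node_addrs.items():
        own = ipaddress.ip_interface(cidr)
        if svc not in own.network:
            problems.append(f"service IP {svc} is outside {name}'s subnet {own.network}")
        if svc == own.ip:
            problems.append(f"service IP {svc} collides with {name}'s own address")
    if dead_ms <= keepalive_ms:
        problems.append("dead-interval must be longer than keepalive-interval")
    if len(secret) < 16:
        problems.append("pre-shared-secret is shorter than 16 characters")
    if problems:
        raise ValueError("; ".join(problems))

    cluster = [
        f"set cluster group {group}",
        f"set cluster group {group} primary '{primary}'",
        f"set cluster group {group} secondary '{secondary}'",
        f"set cluster group {group} service '{svc}'",
        # one monitor line per monitor address; ip_address() rejects junk
        *[f"set cluster group {group} monitor '{ipaddress.ip_address(m)}'" for m in monitors],
        f"set cluster interface '{iface}'",
        f"set cluster keepalive-interval '{keepalive_ms}'",
        f"set cluster dead-interval '{dead_ms}'",
        f"set cluster pre-shared-secret '{secret}'",
    ]
    return {name: [f"set interfaces ethernet {iface} address {cidr}", *cluster]
            for name, cidr in node_addrs.items()}


if __name__ == "__main__":
    # constructed placeholder values, not a real deployment
    cfg = build_cluster_config(
        "myfirstcluster", {"first-router": "192.0.2.11/24", "second-router": "192.0.2.12/24"},
        "first-router", "second-router", "eth0", "192.0.2.10", ["192.0.2.1"],
        2000, 10000, "constructed-example-secret")
    for node, cmds in cfg.items():
        print(f"# paste on {node} inside 'configure', then commit and save")
        print("\n".join(cmds))
```

Each node gets its own interface line followed by the shared cluster block, which is exactly what you would paste into the configuration mode on both machines.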

Now something very useful. As Vyatta is just a Debian, you can always use "sudo -i" to become root and run tcpdump or similar tools. As root you can also perform failovers by hand; you will find the scripts at:
  • /usr/share/heartbeat/
    • hb_standby - will put the node into standby mode
    • hb_takeover - will make the node master again