Virtual networks in PowerHA SystemMirror

Edit online

In PowerHA® SystemMirror® Version 7.1.0, or later, the adapter monitor provided by Cluster Aware AIX® (CAA) cannot always identify whether a virtual adapter has lost its corresponding physical adapter.

For example, if a network cable is unplugged from a Virtual I/O Server (VIOS), it cannot communicate with the external network. Thus, the VIOS partitions might report their individual virtual interfaces as available, when they cannot reach any external LAN beyond the virtual network.

If you are setting up a virtual network or an Integrated Virtual Ethernet (IVE) network in PowerHA SystemMirror for the first time, you must create a netmon.cf file in the /usr/es/sbin/cluster directory. In the netmon.cf file, you must have at least one line for each virtual interface by using the following format: 
!REQD owner target
port NO_PING
PING
The following list describes the variables that are used in the netmon.cf file.
!REQD
An explicit string that must be at the beginning of the line without any leading spaces.
owner
The interface whose online or offline status is determined by whether it can ping any of the specified targets. The owner can be specified as a hostname, IP address, or interface name. If you use a hostname, it must resolve to an IP address or the line is ignored. You can specify the !ALL string to indicate that all adapters use the specified target.
target
The IP address or hostname you want the owner to try to ping. To use a hostname, the target must be resolvable to an IP address.
8080
The port to access a network monitoring web interface at http://netmon.cf:8080 to configure a service to run on port 8080.
NO_PING
The firewall rule or a server setting that disables the Internet Control Message Protocol (ICMP) echo requests, or a monitoring flag.
When you are creating or changing the netmon.cf file, consider the following information:
  • When you change the netmon.cf file in PowerHA SystemMirror Version 7.1, or later, you do not have to restart cluster services to apply the changes. The cthags subsystem automatically re-reads the netmon.cf file approximately every minute.
  • You must select targets that are outside the virtual network environment.
  • Targets that you identify must be maintained through changes in your network environment.
  • You can provide only one target per line. However, in IBM® AIX 7.1 with Technology Level 4, or earlier, you specify the same owner entry up to 32 different lines in the netmon.cf file. In IBM AIX 7.1 with Technology Level 4, or later, and AIX Version 7.2, or later, only the last five entries for an owner entry are considered. For an owning adapter listed on more than one line, the adapter is considered available if it can ping any of the provided targets.
  • Do not use multiple targets that are on the same physical system or device because a single system or device failure causes the adapter state to be marked as down. Also, targets on other PowerHA SystemMirror nodes must not be used because a node failure can be interpreted as a network failure, and might prevent PowerHA SystemMirror from responding to the node failure.
  • Each virtual adapter must have at least one line inside the netmon.cf file that specifies a target that can be pinged from the boot IP address on that interface, or a persistent IP alias if one is configured.
  • Network hardware that can be pinged, such as gateways and routers, are useful as target addresses because PowerHA SystemMirror nodes already use them.

If some adapters on the same network are virtual and others are not, it is perfectly acceptable to use the !REQD format. For both the virtual adapter en0 and the physical adapter en1, you must use the !REQD format in the netmon.cf file.

In PowerHA SystemMirror, all entries in the netmon.cf file must begin with the !REQD format. Any line that does not begin with the !REQD format is ignored as a comment by CAA. At least one target for an adapter must respond to a ping for the adapter to be considered active.

The PORT=8080 NO_PING variable instructs virtual adapters to stop performing ping based health checks on the port 8080. Instead, they perform checks at the application level to enhance accuracy, reduce chances of false negatives, and allow smooth operation in secured or Internet Control Message Protocol (ICMP) restricted networks.

Note: This format also applies to IVE networks. However, you cannot use a target that is a member of the IVE network in the same physical system.

Examples

The following examples explain the content in the netmon.cf file:

  1. In this example, the adapter that owns host1.ibm is only available if it can ping 100.12.7.9 or whatever host4.ibm resolves to. The adapter that owns 100.12.7.20 is only available if it can ping 100.12.7.10 or whatever host5.ibm resolves to. If 100.12.7.20 is the IP address that host1.ibm resolves to, then all four targets belong to that same adapter. 
    !REQD host1.ibm 100.12.7.9
!REQD host1.ibm host4.ibm
!REQD 100.12.7.20 100.12.7.10
!REQD 100.12.7.20 host5.ibm
!REQD 100.12.7.20 host5.ibm 8080 NO_PING
  2. In this example, all adapters are available only if they can ping the 100.12.7.9, 110.12.7.9, or 111.100.1.10 IP addresses. The en1 owner entry has an additional target of 9.12.11.10. 
    !REQD !ALL 100.12.7.9
!REQD !ALL 110.12.7.9
!REQD !ALL 111.100.1.10
!REQD en1 9.12.11.10
!REQD 100.12.7.20 host5.ibm 8080 NO_PING