Configuring cluster nodes for connectionless MNCs

You can improve the performance of connectionless MNCs, such as ip-lan or ip-wdp, by using logical IP interfaces.

Logical IP interfaces are a means of associating more than one IP address with a given physical interface. Using logical IP interfaces enables subordinate nodes to bypass the principal node when they send data to a mobile device or SafeLinx Client. This bypass improves response times and reduces the processing load on the principal node.

The principal and subordinate nodes must have the same connectivity path. That is, do not place subordinate nodes behind a firewall that separates them from the principal node.

To configure a logical IP interface, add an alias for a cluster address on the network interface card of the principal node so that it receives traffic from your clients. The same cluster address is used to configure a logical IP interface on the subordinate node, where it is associated with the loopback interface. Then, edit the properties of the MNC on the principal node to bind to this cluster address. This direct bind causes the MNC on the principal node to listen for data by using the cluster address. Finally, configure your clients so that they use the cluster address to send data to the SafeLinx Server.

To configure cluster nodes for connectionless MNCs, complete the following procedure.
  1. Add the cluster address as an alias to the primary network interface card (NIC) on the computer of the principal node. See the following table for the procedure that applies to your operating system.
    Operating system | Procedure
    AIX®

    From a command line, type the following command:

    chdev -l <en0> -a alias4=<204.67.172.72,255.255.255.0>

    Where <en0> is the logical name of the NIC, <204.67.172.72> is the cluster address, and <255.255.255.0> is the subnet mask.

    Linux™

    From a command line, type the following command:

    ip addr add 204.67.172.72/24 dev eth0

    Where 204.67.172.72 is the cluster address, 24 is the subnet mask expressed as a prefix length, and eth0 is the name of the physical NIC.

    Windows™
    1. Click Control Panel > Network and Internet > Network and Sharing Center.
    2. Click Change adapter settings, right-click the network connection that you want to modify, and then click Properties.
    3. Click Internet Protocol Version 4 (TCP/IPv4) and then click Properties.
    4. Click Advanced.
    5. In the IP addresses group, click Add, specify the alias IP address and subnet mask, and then click Add.
  2. Set your operating system so that the network settings are persistent after a restart of the system.
  3. On all subordinate nodes, ensure that the subordinate loopback device does not answer ARP requests.

    Here are two examples of how to accomplish this step on Linux distributions:

    Red Hat Enterprise Linux
    1. Make sure that you installed arptables.
    2. Flush the ARP table for all subordinate nodes by running the command: arptables -F
    3. Run the following command to reset all the chains: /etc/init.d/arptables_jf stop
    4. Drop ARP replies for the cluster address for inbound traffic: /sbin/arptables -A IN -j DROP -d 204.67.172.72, where 204.67.172.72 is the cluster address.
    5. Add a mangle rule to the outbound chain: /sbin/arptables -A OUT -j mangle -o eth0 -s 204.67.172.72 --mangle-ip-s 204.67.172.72, where 204.67.172.72 is the cluster address.
    6. Save the ARP table: /etc/init.d/arptables_jf save
    7. Verify that the settings were added to the ARP table: arptables -L -n -v
    8. Activate the chain: /etc/init.d/arptables_jf start
    9. Alias the cluster address to the loopback adapter:
      ip addr add 204.67.172.72/32 dev lo
      Where 204.67.172.72 is the cluster address.
    SuSE Linux Enterprise Server
    1. From a command line, type the following commands:
      sysctl -w net.ipv4.conf.all.hidden=1
      sysctl -w net.ipv4.conf.lo.hidden=1
    2. Alias the cluster address to the loopback adapter:
      ip addr add 204.67.172.72/32 dev lo
      Where 204.67.172.72 is the cluster address.
  4. Modify the properties of the MNC on the principal node. On the Network page, select the Bind port to a specific address check box, then enter the cluster address in the Address to bind to field. If you decide to bind to a different network interface card on the computer, restart the SafeLinx Server for the change to take effect. You can also create another MNC and bind it to the address of that card.
  5. Ensure that the clients are configured to use the cluster address to send data to the SafeLinx Server.
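
The following script is an added example, not part of the product documentation. It audits the address bindings that steps 1 and 3 produce on Linux: the cluster address aliased on a NIC of the principal node, and on lo with a /32 mask (and on no NIC) on each subordinate. The function names, the node addresses 204.67.172.10 and 204.67.172.20, and the sample inputs are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit where the cluster address is bound on a node.
# Input on stdin is the output of `ip -o -4 addr show`.

# Print "<interface> <prefix-length>" for every interface holding address $1.
vip_bindings() {
    awk -v vip="$1" '$3 == "inet" { split($4, a, "/"); if (a[1] == vip) print $2, a[2] }'
}

# check_cluster_addr <principal|subordinate> <cluster-address>
# Returns 0 if the bindings match the role described in the procedure.
check_cluster_addr() {
    role=$1; vip=$2; rc=0; on_lo=0; on_nic=0
    bindings=$(vip_bindings "$vip")
    while read -r iface plen; do
        [ -n "$iface" ] || continue
        if [ "$iface" = lo ]; then
            on_lo=1
            # The procedure aliases the address to lo with a /32 mask.
            [ "$plen" = 32 ] || { echo "FAIL: $vip/$plen on lo, expected /32"; rc=1; }
        else
            on_nic=1
            # Only the principal node carries the address on a NIC.
            [ "$role" = principal ] || { echo "FAIL: $vip bound to $iface on a subordinate"; rc=1; }
        fi
    done <<EOF
$bindings
EOF
    case $role in
        principal)   [ "$on_nic" = 1 ] || { echo "FAIL: $vip not aliased on any NIC"; rc=1; } ;;
        subordinate) [ "$on_lo" = 1 ] || { echo "FAIL: $vip not aliased on lo"; rc=1; } ;;
        *)           echo "FAIL: unknown role '$role'"; rc=1 ;;
    esac
    [ "$rc" = 0 ] && echo "OK: $vip bindings match role $role"
    return "$rc"
}

# Constructed sample inputs (trimmed `ip -o -4 addr show` lines, not real captures).
SAMPLE_SUBORDINATE='1: lo    inet 127.0.0.1/8 scope host lo
1: lo    inet 204.67.172.72/32 scope global lo
2: eth0    inet 204.67.172.20/24 brd 204.67.172.255 scope global eth0'
SAMPLE_MISCONFIGURED='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 204.67.172.10/24 brd 204.67.172.255 scope global eth0
2: eth0    inet 204.67.172.72/24 scope global secondary eth0'

printf '%s\n' "$SAMPLE_SUBORDINATE" | check_cluster_addr subordinate 204.67.172.72
printf '%s\n' "$SAMPLE_MISCONFIGURED" | check_cluster_addr subordinate 204.67.172.72 || true
```

On a live node, pipe the real output into the function, for example `ip -o -4 addr show | check_cluster_addr subordinate 204.67.172.72`. The script checks address bindings only; confirm the ARP rules separately with arptables -L -n -v as in the procedure.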