Multiple IP alias to be used with Nginx

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Multiple IP alias to be used with Nginx

Payam Chychi
Hey guys,

had a question for anyone that is utilizing massive amount of ip alise
on *nix* to allow proper ip listening for nginx. I currently have
1x/24 and 1x/23 network that i need nginx to listen for... I also run
independent config files for each unique ip address on the box which
listens for an active ip address/adapter on the server. Ive had to
turn to using ip alise for this function to work properly but its
really a crappy way of doing this (having over 700 ip alise is not
something an admin would want to have) so is there a way to force
nginx to listen to an ip addresses/request that are not active on the
box? I am utilizing a Load balancer in an DSR mode...

Thanks in advance

--
Payam Tarverdyan Chychi
Network Security Specialist / Network Engineer

Reply | Threaded
Open this post in threaded view
|

Re: Multiple IP alias to be used with Nginx

Igor Sysoev
On Fri, May 29, 2009 at 10:51:10AM -0700, Payam Chychi wrote:

> Hey guys,
>
> had a question for anyone that is utilizing massive amount of ip alise
> on *nix* to allow proper ip listening for nginx. I currently have
> 1x/24 and 1x/23 network that i need nginx to listen for... I also run
> independent config files for each unique ip address on the box which
> listens for an active ip address/adapter on the server. Ive had to
> turn to using ip alise for this function to work properly but its
> really a crappy way of doing this (having over 700 ip alise is not
> something an admin would want to have) so is there a way to force
> nginx to listen to an ip addresses/request that are not active on the
> box? I am utilizing a Load balancer in an DSR mode...

If you set *:80 and do not set "bind" on listen's, then nginx will listen
on *:80 only, and will call getsockname() to learn address:

     server {
         listen  80;
         listen  192.168.1.1:80;
         ...
     }

     server {
         listen  192.168.1.2:80;
         ...
     }

     server {
         listen  192.168.1.3:80;
         ...
     }


--
Igor Sysoev
http://sysoev.ru/en/

Reply | Threaded
Open this post in threaded view
|

Re: Multiple IP alias to be used with Nginx

Jérôme Loyet
In reply to this post by Payam Chychi
2009/5/29 Payam Chychi <[hidden email]>:

> Hey guys,
>
> had a question for anyone that is utilizing massive amount of ip alise
> on *nix* to allow proper ip listening for nginx. I currently have
> 1x/24 and 1x/23 network that i need nginx to listen for... I also run
> independent config files for each unique ip address on the box which
> listens for an active ip address/adapter on the server. Ive had to
> turn to using ip alise for this function to work properly but its
> really a crappy way of doing this (having over 700 ip alise is not
> something an admin would want to have) so is there a way to force
> nginx to listen to an ip addresses/request that are not active on the
> box? I am utilizing a Load balancer in an DSR mode...
>

do you mean that on your real server the VIP are not mounted ?

I use a similar architecture with LVS and direct routing (should be
the same as DSR). And on the real server each VIP is mounted on
loopback and the system is told not to respond to ARP request for
loopback interfaces coming on ethernet interface (play with
net/ipv4/conf/*/arp_ignore and
/proc/sys/net/ipv4/conf/*/arp_announce). This way, each real server
has its own VIP and nginx (or other softwares) can listen on them.

hope it helps

Reply | Threaded
Open this post in threaded view
|

Re: Multiple IP alias to be used with Nginx

Payam Chychi
2009/5/29 Jérôme Loyet <[hidden email]>:

> 2009/5/29 Payam Chychi <[hidden email]>:
>> Hey guys,
>>
>> had a question for anyone that is utilizing massive amount of ip alise
>> on *nix* to allow proper ip listening for nginx. I currently have
>> 1x/24 and 1x/23 network that i need nginx to listen for... I also run
>> independent config files for each unique ip address on the box which
>> listens for an active ip address/adapter on the server. Ive had to
>> turn to using ip alise for this function to work properly but its
>> really a crappy way of doing this (having over 700 ip alise is not
>> something an admin would want to have) so is there a way to force
>> nginx to listen to an ip addresses/request that are not active on the
>> box? I am utilizing a Load balancer in an DSR mode...
>>
>
> do you mean that on your real server the VIP are not mounted ?
>
> I use a similar architecture with LVS and direct routing (should be
> the same as DSR). And on the real server each VIP is mounted on
> loopback and the system is told not to respond to ARP request for
> loopback interfaces coming on ethernet interface (play with
> net/ipv4/conf/*/arp_ignore and
> /proc/sys/net/ipv4/conf/*/arp_announce). This way, each real server
> has its own VIP and nginx (or other softwares) can listen on them.
>
> hope it helps
>
>

Hi,

yep, same concept only on the actual adapter is where im doing this
and simply dropping outbound arp requests...

--
Payam Tarverdyan Chychi
Network Security Specialist / Network Engineer