Simple but Effective Approaches to Server HA

Let us consider the network vicinity of a server: its network interface cards (NICs), its LAN switch environment, its VLAN membership, and its exit gateways. Two or more NICs attached to access ports on redundant switches provide sufficient link-layer redundancy, and channel bonding or interface teaming combines those NICs into one logical link, giving link aggregation with redundancy as an added benefit.

Route equalizing (per destination or per packet) can be configured so that traffic exits through both of the VLAN broadcast domains to which a server is usually attached. Beyond VLANs, dynamic routing protocols provide sufficiently fast rerouting around failures. It is fairly straightforward to provide redundant VLAN trunks and trunk termination (redundant routers on a stick) via Virtual Router Redundancy Protocol (VRRP) or Hot Standby Router Protocol (HSRP). This can be combined with equalized default routes (Linux) or floating static route concepts. Load distribution can also be steered by hand with more-specific prefix routes, which override the default route for selected destinations. Load balancing of return packets originating from distant sites is an entirely different story; Domain Name System round-robin (DNS RR), Border Gateway Protocol (BGP) approaches (MED or path prepending), or dedicated load-balancing devices represent possible solutions.
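The Linux equalized default route and the more-specific prefix route mentioned above, as an added example that is not part of the book's text. The gateway addresses 192.0.2.1 and 198.51.100.1, the prefix 203.0.113.0/24 and the interface names eth0/eth1 are placeholders; the functions print the iproute2 commands by default (DRY_RUN=1) and only execute them when DRY_RUN=0, and the sample routing-table output is constructed.

```sh
#!/bin/sh
# Added example (not from the book): install and verify a Linux equalized
# (multipath) default route across the two exit gateways, plus a
# more-specific prefix route for manual load steering. Gateways 192.0.2.1
# and 198.51.100.1 and interfaces eth0/eth1 are placeholders.
# DRY_RUN=1 (the default) prints the commands instead of running them.

run() { if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi; }

# Equal-cost multipath default route. The kernel spreads traffic across the
# two nexthops (per flow on current kernels, per destination on older ones);
# the weights set the ratio, 1:1 unless overridden.
equalized_default_route() {
    gw1=$1 dev1=$2 gw2=$3 dev2=$4 w1=${5:-1} w2=${6:-1}
    run ip route replace default \
        nexthop via "$gw1" dev "$dev1" weight "$w1" \
        nexthop via "$gw2" dev "$dev2" weight "$w2"
}

# More-specific prefix route: longest-prefix match wins, so traffic to this
# prefix always leaves via the chosen gateway regardless of the default.
steer_prefix() {
    run ip route replace "$1" via "$2" dev "$3"
}

# Count the gateways in `ip route show default` output read from stdin
# (1 for a plain default route, 2 once the multipath route is installed),
# so a post-change check can confirm that both exit paths are present.
count_default_gateways() {
    grep -c ' via ' || true
}

# Constructed sample of `ip route show default` after the multipath route is installed.
SAMPLE_DEFAULT='default proto static
    nexthop via 192.0.2.1 dev eth0 weight 1
    nexthop via 198.51.100.1 dev eth1 weight 1'

# Stand-alone demonstration (dry run).
equalized_default_route 192.0.2.1 eth0 198.51.100.1 eth1
steer_prefix 203.0.113.0/24 198.51.100.1 eth1
printf 'gateways in default route: %s\n' "$(printf '%s\n' "$SAMPLE_DEFAULT" | count_default_gateways)"
```

Run with DRY_RUN=0 as root to apply the routes; the check function is meant to be fed the live output of `ip route show default` afterwards.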

When experimenting with special load-distribution approaches, keep in mind that Internet Control Message Protocol (ICMP) redirects might affect what you try to accomplish. sysctl provides a hook to disable dissemination of ICMP redirect messages (as shown in Example 12-1).

Example 12-1. Disabling ICMP Redirects for Special Cases

[root@ganymed:~#] sysctl -a | grep redirect
net.inet.ip.redirect = 1
net.inet6.ip6.redirect = 1
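A small audit of the redirect-related sysctl keys, as an added example that is not part of the book's text. It covers the BSD keys shown in Example 12-1 and, as an assumption about the reader's other hosts, the Linux keys net.ipv4.conf.all.send_redirects and net.ipv4.conf.all.accept_redirects; the sample sysctl output is constructed to match Example 12-1.

```sh
#!/bin/sh
# Added example (not from the book): audit the sysctl keys that govern ICMP
# redirects and emit the commands that turn them off. The BSD keys are the
# ones in Example 12-1; the Linux keys cover both sending and accepting
# redirects, because a server running equalized routes should not let a
# router's redirect silently rewrite its own forwarding decisions either.

REDIRECT_KEYS='net.inet.ip.redirect
net.inet6.ip6.redirect
net.ipv4.conf.all.send_redirects
net.ipv4.conf.all.accept_redirects'

# Read `sysctl -a` output on stdin and print each known redirect key whose
# value is 1. Accepts both the "key = 1" and the "key: 1" output styles.
enabled_redirect_keys() {
    while IFS= read -r line; do
        key=${line%%[ :=]*}   # text before the first space, ':' or '='
        val=${line##*[ :=]}   # text after the last space, ':' or '='
        for k in $REDIRECT_KEYS; do
            if [ "$key" = "$k" ] && [ "$val" = 1 ]; then echo "$key"; fi
        done
    done
    return 0
}

# Print the sysctl command that disables each key read from stdin.
# Changes made this way do not survive a reboot; persist them in
# /etc/sysctl.conf as well.
disable_redirect_cmds() {
    while read -r k; do
        [ -n "$k" ] && echo "sysctl $k=0"
    done
    return 0
}

# Constructed sample matching the output shown in Example 12-1.
EXAMPLE_12_1='net.inet.ip.redirect = 1
net.inet6.ip6.redirect = 1'

# Stand-alone demonstration: list what is enabled, then show how to turn it off.
printf '%s\n' "$EXAMPLE_12_1" | enabled_redirect_keys | disable_redirect_cmds
```

On a live host, replace the constructed sample with `sysctl -a 2>/dev/null | enabled_redirect_keys` and pipe the result through `disable_redirect_cmds | sh` only once you have confirmed the listed keys are the ones you intend to change.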

Address Resolution Protocol (ARP) cache latency is another issue that considerably affects certain setups. How long an ARP entry remains in a cache before it is removed is implementation-specific and might require manual intervention. To compensate for long timeouts, failover concepts such as VRRP/HSRP use gratuitous ARP, that is, unsolicited ARP updates that refresh the caches of neighbouring hosts.
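A check of the neighbour cache after a failover, together with the gratuitous ARP command a takeover node would issue, as an added example that is not part of the book's text. It assumes a Linux host with iproute2 and iputils arping (whose -U flag sends unsolicited ARP); the addresses, the interface eth0 and the VRRP-style virtual MACs 00:00:5e:00:01:xx in the constructed `ip neigh` output are placeholders. On Linux the timers behind the "implementation-specific" lifetime are net.ipv4.neigh.default.base_reachable_time_ms (after which an entry becomes STALE) and net.ipv4.neigh.default.gc_stale_time (after which an unused stale entry is collected).

```sh
#!/bin/sh
# Added example (not from the book): inspect the Linux neighbour (ARP) cache
# for entries that are no longer usable and build the iputils arping command
# that sends gratuitous (unsolicited) ARP after a failover. Addresses,
# interface eth0 and the VRRP-style MACs (00:00:5e:00:01:xx) are placeholders.

# Read `ip -4 neigh show` output on stdin; print "ip state" for every entry
# that is not currently usable (STALE, DELAY, PROBE, FAILED, INCOMPLETE).
# Line format: "<ip> dev <if> [lladdr <mac>] <STATE>".
unusable_neighbours() {
    while read -r ip rest; do
        state=${rest##* }
        case $state in
            STALE|DELAY|PROBE|FAILED|INCOMPLETE) echo "$ip $state" ;;
        esac
    done
    return 0
}

# Gratuitous ARP with iputils arping: -U sends unsolicited replies so that
# neighbours overwrite their cached MAC for $ip immediately instead of
# waiting for their own timeouts. Run on the node that has just taken over $ip.
garp_cmd() {
    ip=$1 dev=$2 count=${3:-3}
    echo "arping -U -c $count -I $dev -s $ip $ip"
}

# Constructed sample of `ip -4 neigh show` on a server after its gateway failed over.
SAMPLE_NEIGH='192.0.2.1 dev eth0 lladdr 00:00:5e:00:01:01 REACHABLE
192.0.2.2 dev eth0 lladdr 00:00:5e:00:01:02 STALE
192.0.2.9 dev eth0 FAILED'

# Stand-alone demonstration.
printf '%s\n' "$SAMPLE_NEIGH" | unusable_neighbours
garp_cmd 192.0.2.10 eth0
```

On a live host feed `ip -4 neigh show | unusable_neighbours` into the check; a FAILED entry for a gateway that should be reachable is the symptom to look for, and `ip neigh flush dev eth0` forces a fresh resolution if waiting for the timers is not acceptable.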

Split-view DNS setups are popular, especially in enterprise networks where Network Address Translation (NAT) is used. Split-view DNS essentially means that an internal name server answers queries for names associated with corporate RFC 1918 addresses and forwards queries for global (Internet) records that it cannot resolve itself to the external name server. Therefore, for true redundancy, two internal and two external DNS servers are advisable.