From: Colin Bull (c.bull@videonetworks.com)
Date: Thu Jul 03 2003 - 10:47:02 EDT
I received a reply from a former colleague Martin Burton who said -
------
Tru64 clusters normally advertise the route for the cluster alias(es)
via RIP.
In fact here we exploit that functionality to
split our clusters across two subnets, with four of the eight nodes on
each subnet. The switches on each subnet listen for the RIP broadcast
for the cluster alias and then export this into our OSPF infrastructure,
which means that the route to the cluster alias is always directed via
the shortest path.
I'm not quite sure why anyone would say that RIP is "unsafe" in your
environment though. If used within a private network like VNL's with
adequate thought to firewalling etc. then there is little chance of any
unauthorized router polluting the RIP routes. In addition RIPv2 can
have some security applied by specifying password authentication between
RIP routers, these are however are transmitted in plain text and could
be compromised by anyone with direct access to the network segment and a
packet sniffer.
If, however, RIP is not being used anywhere else on the network for
route propagation, then it is simply increasing the amount of broadcast
traffic on the segment and can be safely turned off. But you must bear
in mind the following:
If the cluster aliases are on the same subnet as the physical network
interfaces, (e.g two nodes with 10.1.1.1/24 and 10.1.1.2/24 and a
cluster alias on 10.1.1.3/24) then you can switch off RIP on the cluster
with impunity. HOWEVER, if your cluster aliases are on a different
subnet than the physical interfaces (e.g tow nodes as above, but with
the cluster alias on 10.1.2.1/24), then you *must* have RIP enabled to
allow TruCluster to proxy ARP for the alias address.
--------
Because our aliases are all on the same subnet, I will recommend it is
switched off.
My Query
Tru64 5.1A ES40/DS20 with memory channel clustering
One of our networking guys has advised us that these servers are
using RIP1 routing protocol which is unsafe.
The only reason I can think of that this would have been installed
would because of the memory channel clustering.
Does anyone know anything about RIP ?
Colin Bull
c.bull@videonetworks.com
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:49:25 EDT