Greeting:
I had configured a rotating resource group using IP aliasing and
pesistent IP address on each node.

However, I find that the default route was based on my persistent IP
address such that my firewall has to configured the source address of
my node to be the persistent addresses which should be my intention. (I
want the source address of every traffic comming from my node to be the
service IP address)

Is there any way to change the default route based on my service
address, such that the remote machine can know that I am using the
service address to connect to it and the firewall rules can be more
make sense.

Thanks in advance.

Hi,

I think your problem might be related to the way aix creates outgoing
connections. If you have two adapters on the same subnet, aix will
alternate between these when making outgoing connections, so unless you
can bind your application to the service address you will need to open
up for both. In case of a server-only application it should be no
problem.

>From a HACMP FAQ:

"...in AIX 5.1 multiple interfaces can have a route to the same subnet.
This is sometimes referred to as multipath routing or route striping
and when this situation exists, AIX will multiplex outgoing packets
destined for a particular subnet across all interfaces with a route to
that subnet."

As you really have no control over on which interface your persistent
and service addresses will end up, you will easily end up in this
situation, and have to plan your network setup accordingly.

see:
http://www-03.ibm.com/servers/eserve...s/ha/faq5.html

regards,
Jesper James

In addition, you can always add a static route to a specific host.
This has solved similar problems for me in the past, esp. when sending
data to outside vendors through routers with ACLs, and with ftp to
hosts via passive mode.

-Greg

Jesper James wrote:
> Hi,
>
> I think your problem might be related to the way aix creates outgoing
> connections. If you have two adapters on the same subnet, aix will
> alternate between these when making outgoing connections, so unless you
> can bind your application to the service address you will need to open
> up for both. In case of a server-only application it should be no
> problem.
>
> >From a HACMP FAQ:
>
> "...in AIX 5.1 multiple interfaces can have a route to the same subnet.
> This is sometimes referred to as multipath routing or route striping
> and when this situation exists, AIX will multiplex outgoing packets
> destined for a particular subnet across all interfaces with a route to
> that subnet."
>
> As you really have no control over on which interface your persistent
> and service addresses will end up, you will easily end up in this
> situation, and have to plan your network setup accordingly.
>
> see:
> http://www-03.ibm.com/servers/eserve...s/ha/faq5.html
>
> regards,
> Jesper James