Sharing static IPs between Virtual Maschines

Question

Since now, I used the vhost feature of apache2 to bind multiple domains to one public and static ip.

Now I'm setting up a XEN Host with 4 IPs, and several VMs, two of them are pure webservers. It's possible for these to 2 VMs to share one public ip? Eachone would have a set of vhosts on the same public ip.

alt text

Edit: Okay, what about a Host based redirection? alt text

I just care about HTTP(S) Requests on Port 80 or 443. Everything can be handled by NATing. — Henrik P. Hessel, Jul 09 '09 at 14:13

score 7 · Accepted Answer · answered Jul 09 '09 at 14:05

If you only care about serving http, you most likely want to install a software load balancer / reverse proxy like Pound. The configuration on the Xen host would (again-- most likely) look like

ListenHTTP
            Address xx.xx.xx.xx
            Port    80

            Service
                BackEnd
                    Address ip.of.webserver.1
                    Port    80
                End
                BackEnd
                    Address ip.of.webserver.2
                    Port    80
                End
            End
End

You'll also need to setup forwarding and iptables rules on the Xen host; it may already be setup for that.

Nice mention of Pound, was gonna suggest it. – Karolis T. Jul 09 '09 at 14:10 — Karolis T., Jul 09 '09 at 14:10

radius · Answer 2 · 2009-07-09T14:14:12.800

1

As per your edit, you can use a reverse proxy. Apache can do that. Pound is another solution already mentioned.

edited Jul 09 '09 at 14:14

answered Jul 09 '09 at 13:50

radius

9,545
23
45

Not true, what about http://www.codinghorror.com/blog/archives/000984.html – Henrik P. Hessel Jul 09 '09 at 13:53
This not sharing the same IP on 2 computers but using a reverse proxy as a workaround. – radius Jul 09 '09 at 14:07
The codinghorror article is about using Windows ISA Server, which looks like the same (basic) thing as Pound. The backend servers actually have different IPs (192.168.0.1 and 192.168.0.2) that ISA forwards requests to. – Matt Jul 09 '09 at 14:13

score 1 · Answer 3 · answered Jul 09 '09 at 13:54

1

I don't think you would be able to split the requests going to both servers if they are the same IP?

Why do you need to set them on the same IP?

nice diagram though

answered Jul 09 '09 at 13:54

Rodent43

697
3
11

Apache2 vhost feature serves the correct website by reading out the request header. Why shoudn't it possible to "split" the requests on level above? – Henrik P. Hessel Jul 09 '09 at 13:57
I would of thought you would need to split the request before is get to the apache server? so from DNS or a server above to know where to route say bob.intranet > xxx.xxx.xxx.xxx – Rodent43 Jul 09 '09 at 13:58
Right, something like this: http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/288bd8ef-c12d-43bc-9b66-264bc572c87a.mspx?mfr=true – Henrik P. Hessel Jul 09 '09 at 14:00
But is that not referring to hosts on one server not multiple servers with same IP? If it is possible I would love to know how and I don't want to sound offensive, I just cant see how the requests would know which server is which unless you could use ports for traffic so only one IP listens on specific ports? but then i'm not sure it would be split before it gets to V Machines? – Rodent43 Jul 09 '09 at 14:04
From my point of perspective, it's always better to ask "is it possible?" and to hear "no, it isn't!" then never asked it and thinking "it's just impossible". I appreciated your contribution, though. – Henrik P. Hessel Jul 09 '09 at 14:18
I agree, I learn everyday by asking...knowledge sharing is what it is all about – Rodent43 Jul 09 '09 at 14:25

score 1 · Answer 4 · answered Jul 09 '09 at 13:56

As radius and the others say, I don't believe that it's possible to do it just by giving the servers the same IP (they'll complain about duplicate addresses and one of them will end up IP-less), or the same secondary IP (as above, but harder to troubleshoot).

A better option would be either round-robin DNS, where you can add the IPs of each webserver to the same "A" record, and a query for that "A" record will return either a different address each time, or a list of addresses for your clients to choose from. Another option would be to add some kind of load-balancing app in front of the two webservers to route traffic to each one equally (or just to one, with the other as a failvover) You can do this with another instance of Apache with mod_proxy installed.

Which one of these you want to use depends on why you want to do it - are we talking about some kind of high-availability/clustering thing?

Dave Cheney has a great answer why would one want to avoid DNS round robin: http://serverfault.com/questions/6702/how-can-i-automaticaly-change-the-dns-a-record-to-point-my-site-to-a-secondary-se — Karolis T., Jul 09 '09 at 14:05
True, it's a bad idea for doing failover with (although rAyt didn't mention what he was actually trying to achieve with this). I've never used it for anything myself, just sticking it out there in case someone finds it useful. — RainyRat, Jul 09 '09 at 14:58

Karolis T. · Answer 5 · 2009-07-09T14:08:59.927

You can not have a single IP on both machines at the same time, but you can quickly move it between them.

It seems you're after a load balancing/high availability solution.

I suggest you look into Linux-Ha - Heartbeat [1].

It's basically a daemon that would run on both machines, Webserver 1 and Webserver 2 and send "I'm alive" signals to each other, whenever the signal is not received for a specified amount of time, the other node is assumed dead (or made dead using a STONITH [2] device) and the active node takes everything over.

You can also pick active/passive nodes by hand. Starting from heartbeat v2, it's possible to monitor nodes at resource level, though the configuration is XML based and kind of complex, if you're going to look into it, I suggest using heartbeat-gui to configure it (Ubuntu has a package [3])

Novell has a great free ebook about this stuff [4].

[1] http://www.linux-ha.org/

[2] http://www.linux-ha.org/STONITH

[3] http://packages.ubuntu.com/hardy/admin/heartbeat-gui

[4] http://www.novell.com/documentation/sle_ha/

score 1 · Answer 6 · answered Jul 09 '09 at 15:36

1

I don't believe anyone is suggesting two VMs with the same IP. I agree with your reply though. You can't have two machines on the same subnet sharing an IP as you would have an ARP table problem.

The only reason for doing this is load balancing and disaster recovery where if one VM fails, traffic and continue to flow to the other VM; however if the physical hardware fails then both VMs are down so I'm not sure what the value is here or with load balancing. I mean you would be load balancing between two VMs on same physical hardware. What's the goal here?

answered Jul 09 '09 at 15:36

Kilo

1,554
13
21

The Goal is to reduce costs. Each IP Adress costs money. – Henrik P. Hessel Jul 09 '09 at 15:48
Well, two things: (1) You can't reduce cost at the expense of violating basic network fundamentals. You cannot have the same IP on two VMs or machines on the same subnet because your ARP tables would get confused. (2) Not knowing your situation, I can't imagine the cost savings related to reducing IPs! It seems like hair splitting to me but here is a thought. Can you use one public IP and two RFC1918 addresses and not be charged for those? – Kilo Jul 10 '09 at 00:19

score 0 · Answer 7 · answered Jul 09 '09 at 13:53

0

No, you can't have two servers with the same IP. You will need to get at least one public IP per VM, or do some sort of NATing, but if your going to be serving web pages from these VM's, then you definitely need separate IP's

answered Jul 09 '09 at 13:53

Sam Cogan

38,158
6
77
113

Sharing static IPs between Virtual Maschines

7 Answers7