Redundancy with dual nic servers

Hi, I have 2 11500's configured with box-to-box redundancy. I have a number of app servers, each with dual NICs (which are teamed) and which are connected directly to the CSS's. NIC 1 in each goes to the master CSS1 and is therefore live. NIC 2 goes to standby CSS2. The CSS's are connected to 4500 switches to the public. I am monitoring the links to the 4500's; if I switch off the master CSS1, we fail over and the servers all connect via NIC 2 to the new master CSS2. But when the link to the 4500 from the CSS1 master goes down, the CSS's fail over but the NIC 2's do not connect to CSS2 because NIC 1 in each server has not failed, i.e. they still see CSS1 as up. Is there a workaround to this problem?
Thanks
J

I know of no way to link CSS interfaces so that if the uplink goes down, the other ports are shut down. There may be another way to configure the adapter teaming or failover on the server side. I know some OS's send out test frames from one adapter to the other to verify network integrity.
What I'd recommend is that you set up a VLAN on your 4500's for the servers' physical connections, and uplink that to a "backend" interface on the CSS. This can be done with the CSS in either a router or bridge configuration, but I'd recommend router mode.

Similar Messages

  • VCSE with dual NIC / SIP H323 encrypted call / traversal and non-traversal call license questions

    Dear All,
    I have a few questions and I would appreciate it if someone would answer them.
    1) May I know the pros and cons of using dual NIC and single NIC with VCSE in the DMZ?
    2) In order to make H323 and SIP encrypted calls, what configuration needs to be done on the Cisco endpoint, non-Cisco endpoint, VCSC and VCSE (both signalling and media need to be encrypted)?
    3) Let's say my VCSE is in the DMZ; endpoint A (Cisco) and endpoint B (non-Cisco) are registered on VCSE. I would like VCSE to use a non-traversal call license when A calls B or B calls A, regardless of whether it is an H323 or SIP call. How can I force VCSE and the endpoints to use a non-traversal call? I only want VCSE to handle signalling, with media going EP to EP direct, as the traversal license is quite expensive.
    I found following information from Cisco document.
    all Cisco TelePresence endpoints are traversal enabled and so a traversal license will always be needed when at least one of the endpoints involved in the call is a Cisco TelePresence endpoint.
     Is it possible to disable traversal client feature of Cisco endpoint?
    Thanks and Best Regards,

    voice register pool  4
    add-->codec g711ulaw
    voice register global
    no create pro
    create prof
    and enable below debugs and send the logs
    deb ccsip mess
    deb voip ccapi inou
    deb h225 asn1
    deb h245 asn1

  • Redundancy with dual WLC

    Hi, I will implement a WLAN network with AP1130AG and WLC 2125. If I understand right, the whole traffic to/from the APs (data + management) will first be encapsulated in a LWAPP tunnel to/from the WLC? Then the WLC will forward the different traffic VLANs via an 802.1Q trunk to the network. Is that correct? If so, the WLC is a true single point of failure! What will happen if the WLC goes out of service? What is the impact on existing client sessions and new ones? How will a redundant WLC 2125 work with the primary (active/standby with HSRP, load balancing)? What are the best practices in such a network?
    Thanks

    Hi Jean-Pascal,
    In the WLC world this is how an AP is covered in case one WLC fails. It is not without some "downtime" in case of failure, but both controllers are active. You have to keep in mind that an AP can only be registered to one WLC at a time, so this is the best that you can do :) When one WLC fails the AP then has to re-register with the backup; this is not a completely seamless process.
    This has some really good info;
    WLAN Controller Failover for Lightweight Access Points Configuration Example
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008064a294.shtml#c4
    Hope this helps!
    Rob

  • Setting Up Dual NIC Cards? Benefit?

    Hello Everyone,
    I know that the Mac Pro line comes with Dual NICs and I was wondering how do I set these up to be useful with my Cable Modem and Router? Can they be used to get more speed or are they used together in some other capacity.
    I really appreciate anyone's help and expertise.
    Many Thanks,
    Chris

    The normal use of dual nic interfaces would be to run double instances of a given server on disparate IP numbers. Dual NIC's are generally employed in order to attach multiple IP addresses to a single machine.
    Another potential use for dual NIC's is internet connection sharing, where your Mac Pro acts as a kind of router; again also this could be used for attaching one NIC to print services and the other NIC for LAN/WAN access.
    OK, actually there are a whole bunch of good reasons for dual NIC cards, but 'doubling your bandwidth' is really not one of them. Believe me, unless you are on a direct fiber OC-10 20 foot from your ISP's NOC, then your existing single NIC has 1000 times the bandwidth of your incoming WAN connection.
    It is likely possible to interleave dual NIC cards between two machines for bandwidth purposes; but if that were going to be the case, just identify one as "in" and the other as "out" (both machines would have to have dual NIC's to make this mean anything) but again, I honestly do not see a real world use for this...
    Message was edited by: psalmsmith

  • Configuring Dual-homed servers for redundancy to 6509s

    I am looking for assistance in properly configuring dual-homed servers for redundancy to two CatOS based 6509s. My search for information on how to do this has been unsuccessful to date, so any help you can provide would be most appreciated.
    Do I need any special hardware/software on the 6509s and/or on the servers?
    Thanks, in advance.
    John

    A lot depends on the kind of servers you have and the NIC teaming algorithms they support. Usually two or more NICs can be teamed in either a fault tolerant configuration (with one primary NIC) or in transmit load balancing configuration. Both these configurations allow the NICs to be connected to separate L2 switches so in case your servers do support such kind of teaming all you need is to have both NICs in the same VLAN and ensure L2 connectivity between the Catalyst 6509s. I recommend you research this from the server perspective also and like everything else test it before production deployment.

  • Dual-homed servers connected directly to redundant CSSs

    Hi.
    I have no experience with Cisco content switches and I need help with this implementation:
    I have DMZ on PIX cluster, where are 3 couples of servers and I need to load balance traffic to them.
    I want to connect the PIX cluster to L2 switches, then connect the L2 switches to redundant CSSs, and connect the servers directly to the CSSs dual-homed (primary NIC to primary CSS and secondary NIC to backup CSS). I'm not sure whether this dual-home connection will work correctly. What kind of CSS redundancy should I use?

    Dual NIC does not work with a server directly connected to the CSS.
    You should connect your servers to a pair of L2 switches and then connect the L2 switches to the CSS.
    Regards,
    Gilles.

  • Proxy support with dual proxies

    I need to support dual proxy servers in a web-service client software. I am setting the proxy settings as below and try to create the binding and if it fails I will try the second proxy.
    // setup the proxy settings
    System.setProperty("http.proxyHost", proxyHost1);
    System.setProperty("http.proxyPort", proxyPort1);
    try to bind
    if bindingfails {
    System.clearProperty("http.proxyHost");
    System.clearProperty("http.proxyPort");
    try to bind.
    I know I have written some pseudocode... what I think is happening is that the second time I try to bind to the web service, it still uses the same settings as before. Has anyone come across this issue, or does anyone know the best way to support dual proxies?
    Thanks

    To add to Ajay's correct posting - even if you had an external router to handle the BGP and the agreement from the provider who has assigned you your /28, you could not use the first provider's assigned netblock with a second provider since it is smaller than a /24 - the smallest allowed portable block.
    If you were to acquire a provider-independent /24 assigned directly to you from your provider or RIR (ARIN, RIPE, APNIC, etc.) you could potentially use that (still requiring an external router). However it is unlikely that you could get a new one assigned since the /28 suffices for your hosts at this point.
    As you describe it now, if you lose a provider, you will lose all your sessions, even under best practices and best possible configuration scenario.
    One alternative may be to inquire about redundant service from your preferred provider. Depending on your location's service options, this may be possible. You would need to be diligent in ensuring that the redundancy is adequate to protect your connectivity (e.g., different upstream devices, diverse connections into your building, etc.). In such a service scenario, your provider may be able to retain your IP space and manage routing to you dynamically.
    Hope this helps.

  • Routing Issue with 2 Nics on Windows Server 2008 R2

    Good Day
    My issue is I needed to set up port forwarding for a web server to communicate with our hotels management server to check availability.
    Initially the server has a single NIC configured in the 172.26.1.0 /24 network; its default gateway is the switch VLAN interface 172.26.1.1.
    We have many VLANs for all the systems in the hotel and the server also needs to communicate with 3 other servers on different subnets, which it does just fine.
    I have now added an additional ADSL line with a managed router which has an interface of 192.168.10.1 /24. My server's second NIC has the IP address 192.168.10.2 with its gateway being 192.168.10.1.
    This 192.168.10.0 network is in an L2 VLAN and the rest of the network does not know it exists. It was working fine, then just stopped after I added a static route to the server, which I did with RRAS... I did this as the server could not communicate with just one of the servers.
    If I disable the 172.26.1.0 NIC the port forwarding works, but then obviously the rest of the network goes down. I know it's a routing issue but I am lost.
    please help

    Hello,
    using multiple default gateways is not a good idea.
    See details in http://support.microsoft.com/kb/159168/en-us
    Best regards
    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://blogs.msmvps.com/MWeber
    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

  • Make a router out of a simple notebook with one NIC (buy a second NIC)

    Hello all,
    Before starting, I think I must say hello to you because I'm new here: this is my first post. So, in fact, I've been working with Linux for 5 years. I'm running Gentoo on my workstation and my old server, Ubuntu on my notebook and for family, and finally, I'm running Red Hat at my workplace for workstations and servers. I'm a Linux and JBoss administrator.
    I've decided to run/try Arch because it seems to grow with rock-solid ideas and it's a binary distribution. I now prefer a binary distribution for my server, because it takes too much time to let an old computer or notebook compile the whole world (alone or not ...). I now prefer looking around and learning another Linux distribution. This is why I started to install my first Arch Linux: I will try to run a server on a simple notebook. In fact, it's a working machine, but without any graphics capabilities (memory has burned...), and so, perfect for a little low-consumption server. I want it to replace my current server/router running Gentoo on an old Pentium 3.
    For now, I've encountered these little problems:
    - LID problem when screen is closed: reboot never works (powers off just after the BIOS, when the LID state is "screen closed"...) => disable LID connection (unplugged from motherboard)
    - ssh problem => must now use "/etc/hosts.allow" to let remote machines connect
    - try routing packets with one NIC => for now, doesn't work ...
    - try to get X11 Forwarding => doesn't work either, but it will work quickly
    My infrastructure is just a server/router splitting the LAN at home in two parts:
    - one part is LAN with all workstations
    - the other part is LAN_router which is another network with only the ADSL router to access the internet
    So, it's looking like this: <machine1> => <switch> => <[eth1]server/router[eth0]> => <switch> => <router_ADSL> => INTERNET
    All is fine ... with the old machine ... as for the new one, it has only one network interface ... The question is: how to do routing with only one NIC???
    In theory, it "should" work ... but ... some components can have a little hard time doing the right things ... and for me, it is not working right now.
    The first try is to use one interface with one IP aliasing, like this :
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:1d:e4:a3:d5:1a brd ff:ff:ff:ff:ff:ff
    inet 10.2.1.8/26 brd 10.2.1.63 scope global eth0
    inet 10.2.1.66/26 brd 10.2.1.127 scope global eth0:0
    inet6 fc80::21a:e2ff:fea3:d56a/64 scope link
    valid_lft forever preferred_lft forever
    Two subnetworks are used:
    - 10.2.1.0/26
    - 10.2.1.64/26
    I must have 2 IPs on one NIC, so aliasing can be used (when testing, the new server/router is able to ping a workstation and the ADSL router; it can also use the internet). I've heard there is some problem with "iptables" setting forwarding rules when using IP aliasing ... but I prefer to try myself. It doesn't work for now, probably because of this. But is there a way to use a "workaround"? For example, if "iptables" is not able to play with aliasing, and so with interfaces such as "eth0:0", maybe there is a way to tell it, like this:
    [root@serveurn ~]# iptables-save
    # Generated by iptables-save v1.4.10 on Sun Dec 12 17:30:01 2010
    *nat
    :PREROUTING ACCEPT [0:0]
    :INPUT ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    -A POSTROUTING ! -d 10.2.1.0/26 -o eth0 -j SNAT --to-source 10.2.1.66
    COMMIT
    # Completed on Sun Dec 12 17:30:01 2010
    # Generated by iptables-save v1.4.10 on Sun Dec 12 17:30:01 2010
    *filter
    :INPUT DROP [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [9:932]
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    -A INPUT -s 10.2.1.0/26 -p tcp -m tcp --dport 22 -j ACCEPT
    -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    COMMIT
    # Completed on Sun Dec 12 17:30:01 2010
    ... use the interface "eth0" (for the whole throughput) and do SNAT for everything except the LAN network? But it seems not to work ...
    I got a second idea: if it won't work with aliasing ... maybe I can use a virtual interface and bridge ... create a bridge with "eth0" and "tap0" so I can add more than one IP in the machine ... and maybe will be able to route packets from these two interfaces???
    But for now, I have to understand why X11 Forwarding doesn't work ...
    EDIT: xorg problem solved : xorg-auth was requested ...
    Last edited by loopx (2011-01-09 18:08:28)

    fukawi2 wrote:" ...it is dirty and nasty and shouldn't be done unless you're stuck on a deserted island and your only hope of rescue is building a router out of 2 coconuts, a sea shell and a single NIC that was washed up on the beach in the last storm. "
    PRICELESS !!
    @loopx: Honestly: return the USB NIC you just got, buy a compatible device(maybe an asus rt-n16) and install dd-wrt. You'll be a lot happier....
    Last edited by Daniel_F (2011-01-10 00:34:08)

  • Enabling Jumbo Frames in Solaris 10 with Intel NIC

    Hello all! I have a Solaris 10 machine with dual Intel NICs that I wish to enable jumbo frames on, but I am unable to find any clear guidance on how to do so. Could someone either provide guidance on this or point me in the proper direction?
    Thank you in advance!


  • RAC connection problem with interconnect NIC failure

    We have an 11g 2-node test RAC setup on RHEL 4 that is configured to have no load balancing (client or server), with Node2 existing as a failover node only. Connection and vip failover works fine in most situations (public interface fail, node fail, cable pull, node 2 interconnect fail, interconnect switch fail etc etc).
    When the node1 interconnect card failure is emulated (ifdown eth1):
    node2 gets evicted and reboots
    failover of existing connections occurs
    VIP from node2 is relocated to node1
    However, new connection attempts from clients and the server receive an ORA-12541: TNS:no listener message.
    The basis of this is the issue that in the event of an interconnect failure, the lowest number node is supposed to survive - it looks like this includes the situation where the lowest number node has a failed interconnect NIC; i.e. it has a hardware fault.
    I checked this with Oracle via an iTAR quite some time ago (under 10g) and they eventually confirmed that this eviction of the healthy 2nd node is correct behaviour. In 10g, this situation would result in the remaining instance failing due to the unavailable NIC, however I did not get the chance to fully test and resolve this with Oracle.
    In 11g, the alert log continuously reports the NIC's unavailability. The instance remains up, but new connections cannot be established. If the NIC is re-enabled then new connections are able to be established. At all times, srvctl status nodeapps on the surviving node and lsnrctl show that the listener is functional.
    The alert log reports the following, regarding a failed W000 or M000 process:
    ospid 13165: network interface with IP address 192.168.1.1 no longer operational
    requested interface 19.2.168.1.1 not found. Check output from ifconfig command
    ORA-603 : opidrv aborting process W000 ospid (16474_2083223480)
    Process W000 died, see its trace file
    The W000 trace file refers to an Invalid IP Address 192.168.1.1 (the interconnect ip address) obviously the source of the process dying.
    Finally, if I restart the remaining instance via srvctl stop/start instance with the NIC still unavailable, the instance will allow new connections and does not report the failures of the W000/M000 process or appear to care about the failed NIC.
    Before I go down the iTAR path or start posting details of the configuration, has anyone else experienced/resolved this, or can anyone else test it out?
    Thanks for any input,
    Gavin
    Listener.ora is:
    SID_LIST_LISTENER_NODE1=
      (SID_LIST=
        (SID_DESC=
          (ORACLE_HOME=/u01/app/oracle/product/11.1.0/db_1)
          (SID_NAME=RAC_INST))
        (SID_DESC=
          (ORACLE_HOME=/u01/app/oracle/product/11.1.0/db_1)
          (SID_NAME=RAC_INST1))
        (SID_DESC=
          (ORACLE_HOME=/u01/app/oracle/product/11.1.0/db_1)
          (SID_NAME=RAC_INST2)))
    SID_LIST_LISTENER_NODE2=
      (SID_LIST=
        (SID_DESC=
          (ORACLE_HOME=/u01/app/oracle/product/11.1.0/db_1)
          (SID_NAME=RAC_INST))
        (SID_DESC=
          (ORACLE_HOME=/u01/app/oracle/product/11.1.0/db_1)
          (SID_NAME=RAC_INST2))
        (SID_DESC=
          (ORACLE_HOME=/u01/app/oracle/product/11.1.0/db_1)
          (SID_NAME=RAC_INST1)))
    LISTENER_NODE1 =
      (DESCRIPTION_LIST =
        (DESCRIPTION =
          (ADDRESS = (PROTOCOL=TCP)(HOST=vip-NODE1)(PORT=1521)(IP=FIRST))
          (ADDRESS = (PROTOCOL=TCP)(HOST=NODE1)(PORT=1521)(IP=FIRST))))
    LISTENER_NODE2 =
      (DESCRIPTION_LIST =
        (DESCRIPTION =
          (ADDRESS = (PROTOCOL=TCP)(HOST=vip-NODE2)(PORT=1521)(IP=FIRST))
          (ADDRESS = (PROTOCOL=TCP)(HOST=NODE2)(PORT=1521)(IP=FIRST))))

    Thanks for your reply.
    There is no NIC bonding - the interconnect is a single, dedicated Gigabit link connected via a dedicated switch: plenty of bandwidth.
    I know that providing interconnect NIC redundancy would provide a fallback position on this (although how far do you go: redundant interconnect switches as well?), and that remains an option.
    However that's not the point. RAC does not require a redundant interconnect - as a high-availability solution it should inherently provide a failover position that continues to provide an available instance, as it does for all other component failures.
    Unless I've made a mistake in the configuration (which is very possible, but all the other successful failover scenarios suggest I haven't), then this could be a scenario that renders a 2-node cluster unavailable to new connections.
    Gavin

  • Screen Sharing problem with dual monitors in 10.6

    When I'm using Screen Sharing from my Macbook to my iMac with dual displays (10.6.1 on both machines) It works fine when I initially connect, but when I switch to Display 1, it shows me Display 1, but though my cursor moves, I can't click on anything. It won't let me go back to viewing both displays either, and changing from Adaptive to Full Quality or vice-versa makes no difference, as does Scaling. This happens whether I'm on my local network or using Back-to-my-Mac. It was working fine under Leopard, but has been exhibiting this behavior since the 10.6 upgrade.
    Mark

    This is a very irritating bug. One thing that has worked for me a couple of times (I think a couple of times it also didn't work) is to turn on mirroring. Screen sharing then only shows one monitor, since they are both the same. I'm not sure if the monitors have to have the same resolution for this to work, mine do. The nice thing about this is that before quitting the screen sharing app you can just turn mirroring off again and it will go back to normal. It's easiest to do this by enabling the 'show displays in menu bar' in your displays preferences.

  • Proliant DL380 G5 - Dual nic drops gateway after windows update.

    Yesterday Microsoft Windows Update updated my DL 380 G5 server. Part of the update was a NIC driver. Needless to say the server didn’t like the update. After the update, the dual NIC card will not keep the gateway. I've rolled back the driver but still no luck. Any ideas on how to fix this? My first thought was to roll back the driver. My second thought was to download the drivers from the manufacturer, but I cannot determine which NIC it is. How can I go about finding the exact NIC type and name?

    Hi:
    You may also want to post your question in the HP Business Support Forum -- DL Servers section:
    http://h30499.www3.hp.com/t5/ProLiant-Servers-ML-DL-SL/bd-p/itrc-264#.Ujohb18o7Gg

  • Dual nic NAS and Jumbo Frame

    I am posting this on the server area because I doubt I am going to get an answer anywhere else.
    I have a linux based NAS running netatalk and avahi (afp server and bonjour) with two nics and I have a brand new Mac Pro with two NICS. What I want to do is run a crossover cable between the NAS and the Mac Pro in addition to both being plugged into the normal network. The normal network would have 1500 byte mtu so my internet performance and all of the various vintages of print servers work ok. The dedicated network would have jumbo frames. As we get more Mac Pros, we would add a switch and more machines to this secondary jumbo frame network.
    That in theory should work fine (I have done it with other operating systems). My quandary is how to get the Mac to always connect to the NAS via the Jumbo nic and not through the other nic? The Mac learns of the server via Bonjour, so how do I tell it to prefer the "appearance" of the server on the jumbo NIC vs the appearance on the normal network. I know with WINS or DNS I can override the name resolution with a LMHOSTS or hosts file entry, can I do the same with Bonjour?
    Thanks for any help or any pointers in the right direction!

    I think you are misguided in your assumption that I am not intimately familiar with TCP and don't know what I am talking about.
    TCP does not "negotiate" MSS, it advertises the MSS of each side to the remote in the 3 way handshake. It is perfectly acceptable to have asymmetric MSS values. TCP does NOT NEGOTIATE a common MSS size. On a LAN, this will result in a functional communication. UDP however does not have such mechanisms and will fail.
    TCP will also not function properly in the scenario of my local workstation with jumbos enabled communicating with a distant endpoint that also has jumbos enabled across a transit network that does not support the maximum MSS used by one of the end stations. For giggles let's say the far end is FDDI and has 4k frame size. Our transit does not support frame sizes larger than the "natural" frame size of 576 bytes. We will use a 4k frame size from me to the remote and a 9k from the remote to me. If the remote sends to me it can use the full 4k MSS of token ring because it's less than my MSS. In the reverse my workstation would send 4k frames back to the token ring station. Successful communication would then depend on path MTU and intermediary routers to send ICMP type 3 code 4 messages to signal back to our end stations to reduce our MSS (assuming the DF bit is set on our traffic or the transit router is incapable of fragmentation).
    This is perhaps a bit of a flippant example in that nobody would be running FDDI or Token ring anymore, but random entities on the internet will run jumbo frame and perhaps some other l2 technology we aren't familiar with.
    Did you ever deal with someone on a token ring segment trying to hit 3Com's web site when it was fddi or token ring? I have on several occasions. I also see this with VPNs all the time. Cisco's genius recommendation is to reduce your MSS on your server as some of their products don't support PMTU. I have had a Cisco <-> Juniper VPN where transfers worked one way because the Juniper would silently strip the DF bit from the packet and fragment it and the Cisco router (38xx) wouldn't do the same in the reverse direction. I also went through **** with the Nortel Contivity VPN devices while they sorted out what to do with the whole MTU negotiation issue.
    I have spent many hours of my life poring through sniffer captures because of mismatched MTUs. Let's not forget the old days of FDDI backbones with ethernet segments bridged across them and FDDI attached servers... mismatched buffers... no thanks.
    I therefore don't want to waste my time troubleshooting some bizarre networking issue when there is a perfectly valid way of solving the issue for absolutely minimal expense. I am moving large files here (certainly large enough to get well out of TCP slow start), we easily saturate the full gig link minutes at a time and a saturated gigabit link at standard frame size is inefficient due to the interpacket gap which is locked at 96 bit times for ethernet and the 40 bytes of TCP/IP header plus whatever application payload is prepended per packet on each link. Cutting the number of TCP/IP headers and (probably more importantly since most decent nics do checksum offload these days) application layer headers also reduces load on both client and server.
    On large sequential bulk data transfers jumbo frame effectively increases performance and reduces overhead. Period. I have implemented it from the early days of Alteon hardware in Sun servers through Juniper EX products last week. Every iSCSI implementation I run into is jumbo frame based for those exact reasons.
    That being said, I don't need to restrict anything. All I want to do is to override bonjour/mDNS for this particular host such that the Pro always communicates over the jumbo segment. This is easily accomplished in windows with an LMHOST entry or in a unix environment with a HOSTS file entry. Is there some way to override bonjour from the client side? I'm ok even statically defining the services presented by bonjour on this host.
    I am also willing to force all bonjour requests through a DNS server, however Apple doesn't have any decent documentation on how this is accomplished in an enterprise environment.
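The MSS and path-MTU behaviour discussed in the post above, as an added Python example that is not part of the original thread: each side announces its own MSS, a smaller transit MTU is only learned through ICMP type 3 code 4, and when that ICMP is filtered, full-sized segments are dropped silently. The `Hop` model, the function names and the MTU values are constructed for illustration.

```python
"""MSS advertisement, path-MTU discovery and jumbo-frame efficiency (added example)."""
from dataclasses import dataclass

IP_TCP_HEADERS = 40   # 20-byte IPv4 header + 20-byte TCP header, no options
ETH_OVERHEAD = 38     # preamble/SFD 8 + MAC header 14 + FCS 4 + inter-packet gap 12 (96 bit times)


def advertised_mss(interface_mtu):
    """MSS a host announces in its SYN: the largest segment it can receive unfragmented."""
    return interface_mtu - IP_TCP_HEADERS


def sending_mss(local_mtu, peer_advertised_mss):
    """Largest segment a host sends: capped by the peer's announcement and by its own MTU."""
    return min(advertised_mss(local_mtu), peer_advertised_mss)


def wire_efficiency(mtu):
    """Fraction of Ethernet wire time that carries TCP payload at a given MTU."""
    return (mtu - IP_TCP_HEADERS) / (mtu + ETH_OVERHEAD)


@dataclass
class Hop:
    mtu: int
    sends_icmp: bool = True   # returns ICMP type 3 code 4 when it drops a DF packet
    clears_df: bool = False   # strips DF and fragments instead of dropping


def transfer(mss, path, df=True, icmp_reaches_sender=True, max_rounds=8):
    """Send full-sized segments along `path`; return (outcome, final_mss, fragmented)."""
    fragmented = False
    for _ in range(max_rounds):
        size = mss + IP_TCP_HEADERS
        may_fragment = not df
        blocker = None
        for hop in path:
            if size <= hop.mtu:
                continue
            if may_fragment or hop.clears_df:
                # The hop fragments; every fragment now fits this hop's MTU.
                may_fragment = fragmented = True
                size = hop.mtu
                continue
            blocker = hop          # DF set and packet too big: the hop drops it
            break
        if blocker is None:
            return ("delivered", mss, fragmented)
        if not (blocker.sends_icmp and icmp_reaches_sender):
            # No "fragmentation needed" signal arrives, so the sender keeps
            # retransmitting the same oversized segment.
            return ("black_hole", mss, fragmented)
        mss = blocker.mtu - IP_TCP_HEADERS   # sender lowers its segment size and retries
    return ("gave_up", mss, fragmented)


if __name__ == "__main__":
    # Constructed paths: jumbo hosts on both ends, a 1500-byte transit in between.
    transit = [Hop(9000), Hop(1500), Hop(9000)]
    print("both jumbo, ICMP allowed :", transfer(8960, transit))
    print("both jumbo, ICMP filtered:", transfer(8960, transit, icmp_reaches_sender=False))
    print("transit strips DF        :", transfer(8960, [Hop(9000), Hop(1500, clears_df=True)]))
    print("stepwise discovery       :", transfer(8960, [Hop(4352), Hop(1500), Hop(576)]))
    for mtu in (1500, 9000):
        print(f"MTU {mtu}: {wire_efficiency(mtu):.2%} of wire time is payload")
```

The `black_hole` result is the case to check in a firewall or VPN policy: small packets such as the handshake still pass, so the connection opens and only full-sized segments disappear.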

  • Leopard server 10.5.6 with two nic card and two hostname

    Hi,
    Here is what I am intending to do but don't know how:
    -setup a Mac server that has 2 built-in nic.
    -nic1 is set up as DHCP, has a proper hostname, DNS, etc. and connects to the internet, and is easy when you configure it as a server while it is connected.
    -But my other nic2 is not DHCP and is cut off from outside and is intended for internal research, but given a proper IP and hostname.
    If I want to install the server, then without an internet connection it is hard to complete the setup, and if I do then it assigns the hostname pointing to nic1 (which I don't want).
    How should I go about this? I tried both ways, but the Mac always picks the hostname that is associated with nic1.
    Any help is appreciated!
    Thanks

    Can you do what you want? Sure. (If I understand what you're up to.) But it gets a little ugly.
    It's easier to use a firewall-router-NAT device here.
    Dual-NIC configurations and IP are an interesting case.
    A firewall-router-NAT configuration and the resulting IP routing works out of the box. It also avoids the case where users and software are active on the firewall (as is the case with a dual-NIC host system acting as a firewall), and where these activities happen to modify the firewall configuration; this whether by accident, by intention, or through an exploit. Firewalls are best kept locked down.
    If you want to learn IP routing and preferred paths and other network-level considerations, then by all means do continue to work with a dual-NIC host system. (This isn't specific to Mac, either. This is simply how IP and IP routing works. There's no concept of automatically returning the packets of a connection out the same controller that the connection arrived on, for instance. And various IP protocols don't use connections.)
    As for DNS and particularly with NAT, you'll probably end up with a split configuration. I'd tend to have an external DNS provider translate the public DNS domain and the public address, and have the NAT box (with port forwarding) map that to the appropriate private IP address. Within the private address space, a private DNS domain (a subdomain of a public registered domain, or a separate registered domain) uses the local (private) DNS server to resolve its queries, and that DNS server forwards queries for which it is not authoritative to the organization's public DNS server.
    Do use node.foo.example.com and node.example.com (where you own example.com) or use node.example.com and node.example.net (where you hold both domains), with the former being external and the latter being the internal address space. Having the same name resolve to two different IP addresses gets weird, as (for instance) a laptop moving between domains (particularly in the co-presence of that abomination known as NAT) may not end up routing its IP traffic where you expect. Having the convention of a specific internal subdomain or a specific internal domain also makes the "inside versus outside" distinction very clear, too. It's possible to use a completely private domain internally, but (given ICANN is opening up TLDs, and in the absence of an ICANN-reserved internal-only domain) I don't recommend that.
    If you want to continue with the original course of action, this IP routing and split DNS is a common question. Dig around in the forums, and dig around specifically for discussions of IP default routing, for split-brain or split-horizon or split-zone DNS, consider acquiring Cricket Liu's DNS book (which is what we all usually go read when we hit a DNS weirdness), and for tools such as the CutEdge Systems DNS Enabler tool.
