Thursday, February 15, 2007

Creating Virtual IP Addresses on Linux

Virtual IP addresses (or VIPs) allow you to use multiple IPs on a single physical network interface. Creating virtual IP addresses is often done to allow webservers to host multiple SSL encrypted web sites on a single webserver or to allow cluster suites to communicate on a dedicated IP address. This article will cover the two primary means of creating virtual IPs on a Linux host.

ifconfig

The first and most common method employed is to use the Linux command 'ifconfig' to create a VIP in the following manner, assuming that the interface being used is eth1.

# ifconfig eth1:0 192.168.1.28

This command will create a VIP on eth0 with a name of eth1:0 and will look like the following:

eth1:0 Link encap:Ethernet HWaddr 00:14:6C:83:39:92
inet addr:192.168.1.28 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:33442 errors:0 dropped:0 overruns:0 frame:0
TX packets:38225 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:20240563 (19.3 Mb) TX bytes:3483829 (3.3 Mb)
Interrupt:18


This command creates an apparent separate device from eth1 with it's own IP address, netmask, and broadcast address. This VIP can now be used to host services and servers, fielding connections to clients or other hosts.

To remove the VIP, simply execute ifconfig on the device with the down command:

# ifconfig eth1:0 down

iproute2

The iproute tool set is tremendously powerful and not often used, even by experienced administrators. The description of the ip command from the man pages describes this suite well:

ip - show / manipulate routing, devices, policy routing and tunnels

While one can easily perform complex tasks on the network stack of any Linux host with this tool, this article will restrict it's coverage to creating VIPs. The command to create a VIP using the ip command is as follows:

# ip addr add 192.168.1.28 dev eth1


Interesting enough, when the previous command is issued, ifconfig does not show anything different. To see the new VIP, one must use the ip command as follows:

ip addr show

When this command is executed, the output will appear like the following:

3: eth1: mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:14:6c:83:39:92 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.10/24 brd 192.168.1.255 scope global eth1
inet 192.168.1.28/32 scope global eth1

This output is similar to that of a more traditional UNIX variant when compared to the output of ifconfig. The VIP created here can now be used for any purpose deemed suitable by the administrator.

To remove the VIP, execute the ip command with the following options:

ip addr del 192.168.1.28/32 dev eth1

Note that the device must be specified when creating and deleting the VIP for it to function properly. Note also that the subnet mask was specified on the deletion command and that this is not required.

Conclusion

Creating VIPs is a very simple task and one that can benefit every system administrator. Once learned, these techniques will be a great asset for common networking tasks.

2 comments:

Claude Lalyre said...

Absolutely terrific and marvallous !

Claude Lalyre said...

Really great ! It solves all my problems !