Best Practice DSS7/Active-Active mpio w/ XenServer 6.2
Hello Sirs,
I have some conceptional Questions regarding an Active-Active Setup in conjunction with XenServer 6.2. I use 2 Supermicro Storages with DSS7 against a bunch of XenServer 6.2 Hypervisors:
I used the XenServer primary IP's on the Hostport as Pingnode and have setup Alias IP's so the XenServer's can reach the Virtual IP's of the SAN.
Now, when I add an SR (Storage Repository) in Xen, I enter 192.168.81.100 to reach mirrorset0. I can connect it to the Pool, but what scares me is that I XenCenter (as well as multipath -ll) shows me 5 active mpio pathes to the open-e mirror0, but I think I should only have two. It's both Virtual IP's (which I think is correct, as well as the "physical" IP's of the Hostports as well as the Management Network, that are valid pathes to the Volume. What I could do was following the Hint from some tutorials and block the Communication of the XenServer Hosts and the open-e Nodes with iptables. OK, that works, but I still have 4 pathes left (2x Virtual IP, 2x Physical IP). Is this good? From my understanding the Failover Functionality only works through the Virtual IP's (so arp-tricking works to instantly re-route the traffic to the backup-node). But having the physical ip's of the Hostports in my mpio pathlist doesn't seem right, because I bypass the Failover logic somehow. I fear splitbrain problem when a Failover occurs.
This boils to few simple questions:
- Is it wise to have the Xen Hosts have IP's from the Hostports IP Range of the open-e?
- Is it wise to use the Xen Hosts as ping-nodes?
- Is it wise to have more then 2 mpio path (or as many as you have virtual ips) when using a iscsi Volume with Failover enabled?
- Shouldn't there be a setting to tell mpio on the open-e's to only announce Virtual IP's when in Failover mode, and not ALL local NIC's it sees?
- Is it wise to have the Xen Hosts have IP's from the Hostports IP Range of the open-e?
Use IPTables and block all uneeded paths. Only connect to the VIP. - Is it wise to use the Xen Hosts as ping-nodes?
A better choice would be switches or routers. - Is it wise to have more then 2 mpio path (or as many as you have virtual ips) when using a iscsi Volume with Failover enabled?
MPIO should match the same amount of VIP. - Shouldn't there be a setting to tell mpio on the open-e's to only announce Virtual IP's when in Failover mode, and not ALL local NIC's it sees?
Targets are broadcast on all IPs. You may use allow/deny rules to block connections on the storage side.