I think this is what you're looking for - http://docs.sun.com/app/docs/doc/816-4554/emqra?l=all&a=view
and for the whole book section on IPMP - http://docs.sun.com/app/docs/doc/816-4554/ipmptm-1?l=all&a=view On a side note - for Solaris, when google-fu fails, I recommend going to docs.sun.com and typing in your search term (IPMP). It's not as good an indexer as google is, and it redirects through oracle.com at weird points, but it still works if you're patient enough to poke through some links. To summarize, IPMP dynamically picks what hosts to probe with ICMP. If there are routers, it pings those. If no routers work, it picks hosts that respond on the subnet. Finding those hosts is probably the broadcast pings (ICMP echo = ping) that you're seeing, it's constantly checking for new things because just the one thing is currently responding (the other Sun host, which probably wasn't configured to block ICMP because the admin wasn't security-crazy). There's a section in there that sounds like you can use routing to direct it to ping specific hosts. In my experience, the best option is to configure your routers/firewalls to allow it to respond to hosts on it's own subnet (or just on subnets where you have multipathing running - allow ICMP type 8 = echo = ping). Some shops seem to think this somehow compromises security, but I've never had a valid explanation how allowing it in limited contexts (for specific server subnets) could be a problem. When I've gotten the 'we have a standard security profile and everything must conform to this profile' another approach I've used is to bring the documents and explain yes, we're sorry, we think it sucks too, but in order for our servers to be as reliable as the network, this is absolutely required for network path redundancy on Solaris to be able to ping the router. And can't such a shiny cool firewall be configured to allow a policy exception when necessity requires it? :) Best of luck! Brian > >> >> From: Jeremy Charles <[email protected]> >> To: LOPSA Tech List <[email protected]> >> Sent: Wed, September 15, 2010 11:50:45 AM >> Subject: [lopsa-tech] Solaris IP multipath behavior >> >> >> One of our server admins is telling me that his Solaris server's IP >> multipathing >> software is checking connectivity to the default gateway by sending ICMP >> echo >> requests addressed to the following: >> >> MAC address ff:ff:ff:ff:ff:ff >> IP address 0.0.0.0 >> >> He's telling me that the Solaris host is expecting to see the default >> gateway >> respond to that. >> >> Does anyone else view this as one or more of the following: >> 1) The actual expected behavior of Solaris IP multipathing >> 2) Something isn't completely configured >> 3) Non-intelligent design >> >> My google-fu is coming up empty on trying to either substantiate this as the >> expected behavior or provide troubleshooting help. >> >> (The operational problem is that the Solaris host is in a subnet where the >> default gateway is a Cisco Firewall Services Module, which doesn't respond >> to >> the above. There are two Solaris hosts in that subnet and they DO respond >> to >> those pings. Unfortunately, when one Solaris host goes down, the other one >> stops seeing the ping responses, so it takes down its services too.) >> >> >> === >> Jeremy Charles >> Epic - Computer and Technology Services Division >> [email protected] >> >> Phone: 608-271-9000 Fax: 608-271-7237 >> > > > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > http://lopsa.org/pipermail/tech/attachments/20100917/e4bef418/attachment.htm > > ------------------------------ > > _______________________________________________ > Tech mailing list > [email protected] > http://lopsa.org/cgi-bin/mailman/listinfo/tech > This list provided by the League of Professional System Administrators > http://lopsa.org/ > > > End of Tech Digest, Vol 59, Issue 10 > ************************************ _______________________________________________ Tech mailing list [email protected] http://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
