HP-UX IPFilter Version A.03.05.14 Administrator's Guide

HP-UX IPFilter and Serviceguard

Using HP-UX IPFilter with Serviceguard

Chapter 10 139

Using HP-UX IPFilter with Serviceguard

HP-UX IPFilter supports local failover in a Serviceguard environment.

CAUTION NAT functionality is not supported with Serviceguard.

Local Failover

NOTE See the Serviceguard documentation for information on configuring a

local failover system in Serviceguard.

IPFilter local failover is transparent to users. Network sessions are not

disrupted during failover or failback.

You do not need to configure any additional rules in IPFilter. When an

interface fails over, the HP-UX IPFilter rules that specify interface

names are automatically changed.

For example, a node in a Serviceguard cluster has a primary interface

named lan0 and a standby interface named lan1. The following rule is

configured for lan0:

pass in on lan0 proto tcp from any to any port = telnet

Upon failover, the rule is automatically modified to:

pass in on lan1 proto tcp from any to any port = telnet

The rule will be changed back automatically on failback.

All rules that filter on interface names are changed at failover and

failback in both the active ruleset and the inactive ruleset. In addition,

logging reflects the changes; the standby interface name will appear in

logs and reports when it is in use.