Summary

This Knowledgebase article provides information about Neverfail Continuity Engine's public identity. 

Public IPs 

Public IPs are now added when a machine goes active and removed when a machine goes passive, they are also filtered by the new packet filter too. 

While Neverfail Continuity Engine is running, the public IPs on the active server are in memory only; they are not persisted, however when Neverfail Continuity Engine exits on the active server it converts the in memory public IP(s) to persistent IP(s). Why is this performed? In the event the active server fails or some one pulls the plug, because the public IP is in memory only, when the machine is restarted it will not have the public IP and hence no chance of IP conflicts. Once the servers re-connect they will establish who should be active and who gets the public IP. 

SkipAsSource for Public IPs 

Neverfail Continuity Engine's public IPs can now be configured to have the SkipAsSource flag set to on or off; setting the SkipAsSource flag to on prevents the IP from being selected by the operating system when an application opens a socket and the application does not specify a source IP. For example, when the user has multiple public IPs and want to use a single primary public IP for out going and incoming public traffic, but have other public IPs that are used for secondary purposes; in this case they would typically set the SkipAsSource flag on the secondary public addresses.

Note: Setting the SkipAsSource flag also prevents an IP address from being registered in DSN via Automatic DNS Registration. Neverfail Continuity Engine automatically disables Automatic DNS Registration.

To respect the existing SkipASource settings that the user may have configured prior to installing Neverfail Continuity Engine, Neverfail Continuity Engine discovers and records the SkipAsSource settings for the public IPs and persists them in the Neverfail Continuity Engine preferences during installation. After installation the SkipAsSource settings for each public IP can be viewed and modified via the configuration wizard. 

What happens to the SkipAsSource settings for public IPs during cloning? During cloning on a Neverfail Continuity Engine HA installation where the public IPs are the same on both the clone source and clone target, the public IP SkipAsSource settings  are copied from the clone source to the clone target. What this means in the context of a Neverfail Continuity Engine HA installation is that when the passive server is made active it gets the same public IPs with the same SkipAsSource settings that were present on the previously active server. During a clone in a Neverfail Continuity Engine DR installation where the public IPs are different, the SkipAsSource settings are NOT copied to the clone target, because there is no way to map the settings between differing public IPs that will work all the time. In the case of DR where the public IPs are different, the user must use the configuration wizard to manually configured the SkipAsSource settings on the clone target, if they are needed. 

Procedure: How to Configure SkipAsSource

If we want to change the public IPs we can do this via the Server Configuration wizard.  It is not necessary to add the new ones or remove the old ones from the physical interfaces or make any packet filter adjustments, we can simply change them in the Server Configuration wizard. Once Neverfail Continuity Engine is restarted it will remove the old public IPs and add the new public IPs to the active server and update the packet filter settings. Notice the check box used to configure the SkipAsSource setting for the public IP and how it is displayed in the list with the additional text (SkipAsSource). 

Channel IPs

The channel IPs are configured and persisted by Neverfail Continuity Engine. When Neverfail Continuity Engine starts it checks to see if the channel IPs exist or exist on the wrong interfaces and makes sure they exist on the correct interfaces. Channel IPs can be in the same subnet as the public IPs and won't be used for outbound public traffic. This is possible because by default on the active server the channel IPs have the "SkipAsSource flag" set on them which prevents them from being selected as a source IP addresses by the operating system. However this means if we want to sanity check the connection across the channel using ping we need to specify a source IP:

Why isn't the channel affected by SkipAsSource? Our channel isn't affected by the SkipAsSource flag because we specify the source and target IPs for the channel connections explicitly; its only socket connections that don't explicitly specify a source IP that are affected by the "SkipAsSource flag".

SkipAsSource for Channel IPs

In the previous section we discussed the default settings for the SkipAsSource flag for channel IPs. Neverfail Continuity Engine now provides the ability to change how Neverfail Continuity Engine configures the SkipAsSource flag on the channel IPs. This feature is referred to as the Channel IP SkipAsSource Policy.  The allowable settings are:

• Never Skip : channel IPs will never have the SkipAsSource flag set, so IPs will be available for out going socket connections.
  
• Always Skip : channel IPs will always have the SkipAsSource flag set, so IPs will not be available for outgoing socket connections. 
  
• Skip when Active (default) : channel IPs will have the SkipAsSource flag set when the server is active but not when the server is passive. This means the channel IPs will not interfere with public traffic on the active server but will be available for out going connections on the passive server.
  
• Skip when Active and Public subnet : channel IPs will have the SkipAsSource flag set when the server is active and the channel IP address is in the same subnet as a public IP address. When the server is passive the channel IP will not have the SkipAsSource flag set. This means the channel IPs will not interfere with public traffic. 
  

The reason for the default selection being "Skip when Active" and not "Skip when Active and Public subnet" is to prevent problems with the MSExchangeRPC service where having additional IPs regardless of what subnet they were in causes the exchange RPC service to fail. If Microsoft Exchange is not involved it would generally be safe to change the policy to be "Skip when Active and Public subnet".

SkipAsSource policy does affect RDP behavior from the active server to the passive server. In the past the users have used the channel to RDP from the active to the passive server, with v7.1.2 users have found this a challenge. So let me detail some scenarios:

• If the public IP and channel IPs are in the same subnet, then you will be able to RDP from your active server and target the channel IP on your passive server.
  
• If the public IP and channel IPs are in different subnets then you can change the channel SkipAsSource policy to Skip when Active and Public subnet, note that we don't recommend doing this with some versions of Microsoft Exchange and the channel IPs are on the same interface as the public IPs. This will allow the active channel IP to be used as source IP to target the passive's channel IP.
  
• You can add a management IP to your active server on a different interface to your public IP that is in the same subnet as your channel IP.
  

Procedure: How to Configure SkipAsSource for Channel IPs  

Changing the channel IPs via the Server Configuration wizard works in a similar way to the public IPs, you just change them in the Server Configuration wizard and restart Neverfail Continuity Engine. When Neverfail Continuity Engine restarts it will remove the old channel IPs and add the new channel IPs to the appropriate interfaces. Notice the ability to modify the Channel SkipAsSource policy via the selection box. 

Note that we now have to identify the adapter that the channel IP is associated with. Under the hood we map the interface name to the unique instance GUID for the interface and store this within the neverfail prefs ChannelMAC[server] so if the user changes the name of the interface it doesn't matter.

Note: There is a persistent property in the PublicIdentity component PublicIdentity.AlwaysSkipChannelIPs which can be set to true or false. If AlwaysSkipChannelIPs is set to true then it overrides the SkipAsSource policy set in the Server Configuration wizard and the effective setting is Always Skip.  

Applies To

Neverfail Continuity Engine all versions