View previous topic :: View next topic |
Author |
Message |
Vieri l33t
Joined: 18 Dec 2005 Posts: 881
|
Posted: Fri Feb 22, 2013 8:28 am Post subject: network interface shutdown |
|
|
Hi,
When I stop an ethernet interface via /etc/init.d/net.ethx stop or restart, init stops network services listening on this interface, as expected (ie. apache, squid, etc.).
However, I'm wondering if an interface can be brought down while leaving the services listening on this nic running. Will they simply die/crash if the underlying interface is down? Or is it impossible to bring a nic down untill all services bound to it are also down?
What I'd like to do under certain circumstances is bring the interfaces down, make a few quick changes and bring them all back up (max. 5 seconds). However, if bringing down a nic via the init scripts makes me have to wait for all associated services to cleanly shut down (and bringing it back up would also imply waiting all services to cleanly come back up again from scratch) then I'm certainly going to have to wait a lot more than 5 seconds.
I don't really care if the services fail or crash when I bring the nics down (at most I'd take care in stopping databases and such before bringing the nics down). That's because I'd "restart" them right after getting the nics back up.
So how would you suggest to bring all NICs down (forced shutdown) as quickly as possible without shutting down any service and then bring them ALL back up and only afterwards restart all services?
Thanks
Vieri |
|
Back to top |
|
|
Jaglover Watchman
Joined: 29 May 2005 Posts: 8291 Location: Saint Amant, Acadiana
|
|
Back to top |
|
|
Vieri l33t
Joined: 18 Dec 2005 Posts: 881
|
Posted: Fri Feb 22, 2013 1:41 pm Post subject: |
|
|
Just a dumb and quick example:
suppose I have a server with 5 NICs connected and the machine routes traffic between these interfaces (iptables) but also serves, say, Apache and Squid on 0.0.0.0. At some point I may need to physically disconnect all NICs except 1 and have the system act as a bridge with different iptables rules and an admin IP address that can still serve the same daemons such as http and proxy.
The only thing is that this process/change must be as quick as possible. Not as far as the services are concerned (http/proxy/etc.) but as far as the network configuration/router2bridge/iptables settings are concerned. |
|
Back to top |
|
|
|