Posts
Let's say that you're testing a firewall rule for a particular cluster IP address. If you start to ping from any of the cluster nodes, you will actually ping from that node's IP address. This obviously won't test the firewall rule correctly. Instead you want to ping from the cluster's IP address. To do this you just need to look at the command line options for ping.
C:\Users\storyb.000>ping -? Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS] [-r count] [-s count] [[-j host-list] | [-k host-list]] [-w timeout] [-R] [-S srcaddr] [-4] [-6] target_name Options: -t Ping the specified host until stopped. To see statistics and continue - type Control-Break; To stop - type Control-C. -a Resolve addresses to hostnames. -n count Number of echo requests to send. -l size Send buffer size. -f Set Don't Fragment flag in packet (IPv4-only). -i TTL Time To Live. -v TOS Type Of Service (IPv4-only. This setting has been deprecated and has no effect on the type of service field in the IP Head er). -r count Record route for count hops (IPv4-only). -s count Timestamp for count hops (IPv4-only). -j host-list Loose source route along host-list (IPv4-only). -k host-list Strict source route along host-list (IPv4-only). -w timeout Timeout in milliseconds to wait for each reply. -R Use routing header to test reverse route also (IPv6-only). -S srcaddr Source address to use. -4 Force using IPv4. -6 Force using IPv6.
So from looking over this list it looks like -S will save the day which it will. By using ping -S <sourceIP> <dstIP> you can ping any host from the cluster's virtual IP.
No comments:
Post a Comment