pikemon — PIKE cluster protocol control daemon


pikemon [-hv]

pikemon [-d dbglev] -f cfgfile

pikemon [-d dbglev] -f cfgfile -c command

test-pikemon [-hv] [-d dbglev] -f cfgfile [-r] [-t test_expr]


The redundancy cluster feature of Kernun firewall needs a daemon monitoring the status of cluster members and operation ability using the PIKE protocol. This is the task of the pikemon application. The second task of the application is to execute special commands for controling the cluster. For this purpose, the application is called in non-daemon mode.

When started as the PIKE protocol monitor, pikemon reads the status-file and sets the (Master or Backup) role of the node according to the content of the file. Then it starts to check its health status by sending ICMP ECHO messages to all configured targets (ping groups) and monitoring status of interfaces defined in the configuration. It also starts to send HELLO messages from the PIKE protocol over the heart-beat interface to the cluster peer. The health status and the result of the dialogue with the partner in the cluster can lead to taking or dropping the Master role of the node.

Taking the Master role means stealing the shared virtual IP and MAC addresses of all controlled interfaces i.e. sending proper gratuitous ARP packets. Thus, all bridge interfaces must have the IP address assigned in the configuration. The MAC address is assigned as 02:IP address:00 by default, but it can be changed. The Backup node keeps the IP address assigned unless marked as nomadic in the pike item.

The daemon runs in fact as three processes, like Kernun proxies do. The main process just controls run of its children. The Asynchronous Configuration Resolver provides for DNS resolution refreshing. The regular child process handles the real operation and in its process information (shown by the ps), the current status of all virtual clusters is figured out. There is a group of three letters for each virtual cluster with following meaning:


This node wants to act as the primary node.


This node wants to act as the secondary node.


This node currently plays the Master role.


This node currently plays the Backup role.


This node has responses from all ping groups (up state).


This node did not get response from at least one ping group (down state).

The current status of this host and the cluster peer as well as results of pinging to the target hosts can be watched by the monitor(1) tool avaliable also as a command of the kat(8) tool.

When started with the -c option, pikemon reads the status file and the configuration, executes command requested and exits.


The pikemon daemon handles following signals:


Log level increasing.


Log level decreasing.


Operation status logging; parent process logs info about all children, child process logs current status of all ping groups.


Service termination; the daemon keeps the state until a new instance is started which kills it.


Immediate termination; the daemon immediately closes the service and drops Master role.



Print usage information.


Display version information and exit.

-d dbglev

Set debuging level to a specific number. Permitted values are 3 through to 9, 3 being the least and 9 the most verbose. See logging(7) for details. This setting is relevant only till configuration reading is finished.

-f cfgfile

Read cfgfile for configuration information.

-c command

Execute command (see below) and exit.


take [VCID]

Takes Master role in all virtual clusters, or just in the virtual cluster with number VCID.

drop [VCID]

Drops Master role in all virtual clusters, or just in the virtual cluster with number VCID.

See Also


This man page is a part of Kernun Firewall.
Copyright © 2000–2021 Trusted Network Solutions, a. s.
All rights reserved.