 
 From:  "M. G. (Michael) de Bruin" <mg dot debruin at buum dot nl>
 To:  Peter Allgeyer <allgeyer at web dot de>
 Cc:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall-dev] m0n0wall-failover
 Date:  Wed, 12 Jan 2005 23:30:29 +0100
Peter Allgeyer wrote:
> On Friday, 24.12.2004, at 00:24 +0100, Daniele Guazzoni wrote:
> 
>>I'm working on a failover version of m0n0wall using freeVRRP.
>>The VRRP implementation is not a big issue, the headache part is the
>>configuration replica/synchronization between primary and secondary...
> 
> I don't really think we need this replication between the nodes. Just
> like Nokia's IP Series we can configure each node by hand. Syncing the
> filter and NAT rules would be enough. This can be done by syncing the
> appropriate part of the config.xml.
> 
> 
>>What does the list think about this ?
>>Any idea, hints, any obscure FreeBSD port ?
>>I maybe need some help on PHP changes (I'm not a PHP guru...) any
>>volunteer ?
> 
> The real problem is state- and NAT-table synchronisation. Without this,
> any failover/vrrp/whatsoever solution doesn't make much sense. Therefore
> many people thought about using pf/carp. Maybe carp is a solution for
> dynamically assigned IP addresses, I don't know. For using pf you'll

Well, this will only be a problem if you want stateful failover. I 
think for a lot of people, stateless failover would be an extremely good 
start and another reason to switch to m0n0wall for enterprise use. Maybe 
designwise it is smart to think about adding it, but featurewise adding 
stateless is a smart move.

> need FreeBSD 5.x. Another problem with pf is, that you have to use
> proxies in userland for such simple things like ftp-data. Not really
> nice, nor really performant, but not unresolvable. I found a hint about
> an existing state- and NAT-table synchronisation for ipfilter from the
> author of ipfilter himself. But he isn't considering making the code
> free.
> 
> This all has stopped me coding a HA-solution. Any suggestions?

Start coding again ;)

Cheers,

Michael