I am not sure load balancing should be carried out by a firewall. Would it not be better to have a dedicated firewall(s) for each connection? Automatic failover, however, would be good.

Failover itself would be fairly trivial to add unless you expected state to be kept. It would be a bit more work to automatically update the configuration of the backup firewall as the primary firewall was changed. It would be a much larger job to failover keeping state.

Alex.

Quoting Andrew Lewis <andrew at coastal dot com>:

> Mitch (WebCob) wrote:
> > Hi Andrew - Haven't heard of any more work... though a bunch of us are
> > pondering solutions...
>
> I certainly wouldn't mind being a test site.
>
> > If you have ideas on HOW those other two work - share please.
>
> There seem to be two parts: the load balancing and the failover.
>
> The load balancing seems to monitor the NAT and firewall state tables to
> determine which ethernet interface gets the new connection. (Connection
> being a new NAT/PAT table entry). The determination of which interface
> to use is based on whatever the user defines. Things like:
>
> -Traffic spill over: One link is saturated, use the other
> -Connection percentage: One link gets 80% of all connections
> -Plain failover: if one is down, use the other
>
> The failover mechanism does periodic simple PING or TCP connects on
> remote hosts to determine if the ISP is up.
>
> Unfortunately I'm not familiar enough with the firewall and routing
> mechanisms in m0n0wall to even speculate on how to implement it.
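The three selection policies and the probe-driven failover described in the quoted message, as an added sketch that is not part of either message and is not m0n0wall code. All names (Link, record_probe, pick_link) and the thresholds are hypothetical, and probe results are passed in as booleans rather than taken from real PING or TCP connects.

```python
from dataclasses import dataclass

@dataclass
class Link:
    name: str
    capacity_kbps: int
    load_kbps: int = 0
    connections: int = 0   # NAT/PAT entries assigned to this link
    fails: int = 0         # consecutive failed probes
    up: bool = True

    def record_probe(self, ok, down_after=3):
        """Feed one probe result. Several consecutive misses are required
        before the ISP is declared down, so one lost packet does not flap."""
        self.fails = 0 if ok else self.fails + 1
        self.up = self.fails < down_after

def pick_link(links, policy, share_pct=80, saturation_pct=90):
    """Pick the interface for a new connection; links[0] is the primary.
    Returns None when every link has been probed down."""
    alive = [l for l in links if l.up]
    if not alive:
        return None
    primary = alive[0]
    choice = primary
    if len(alive) > 1:
        if policy == "spillover":
            # First link that is not saturated; primary if all are.
            choice = next((l for l in alive
                           if l.load_kbps * 100 < saturation_pct * l.capacity_kbps),
                          primary)
        elif policy == "percentage":
            # Keep the primary at share_pct of all connections (integer math).
            total = sum(l.connections for l in alive)
            if primary.connections * 100 >= share_pct * (total + 1):
                choice = alive[1]
        elif policy != "failover":
            raise ValueError("unknown policy: " + policy)
    choice.connections += 1
    return choice

if __name__ == "__main__":
    wan1, wan2 = Link("wan1", 1000), Link("wan2", 1000)  # constructed sample links
    print([pick_link([wan1, wan2], "percentage").name for _ in range(10)])
    for _ in range(3):
        wan1.record_probe(False)
    print(pick_link([wan1, wan2], "failover").name)
```

Only new connections are steered here; entries already in the state table of a link that goes down are not moved, which is the state-keeping problem raised in the reply.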