[ previous ] [ next ] [ threads ]
 
 From:  Andrew Lewis <andrew at coastal dot com>
 To:  Alexander Goldstone <m0n0wall dash list at zander dot net>
 Cc:  "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] LoadBalancing revisited
 Date:  Fri, 13 Feb 2004 10:37:30 -0500 
Alexander Goldstone wrote:
> I am not sure load balancing should be carried out by a firewall. Would it not
> be better to have a dedicated firewall(S) for each connection.

If you are describing separate hardware units I think that would 
increase the complexity of the whole thing exponentially.  I don't see 
how it would be worth it.

> Automatic failover, however, would be good. Failover itself would be fairly
> trivial to add unless you expected state to be kept. It would be a bit more
> work to automatically update the configuration of the backup firewall as the
> primary firewall was changed. It would be a much larger job to failover keeping
> state.

In my case each WAN link has a different IP subnet.  It wouldn't be 
possible to perform a stateful failover.