[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Load balancing/failover

as much as this is an offtopic, imho,
you should do some more reading.
an ietf/vrrp mailing list is a good start, i believe.
Making, drinking tea and reading an opus magnum from Robert Schwartz:
> Great news!  There has been some interesting movement on the VRRP front.
> I have it running at home actually and I am more then willing (and
> hopefully able) to test any and all VRRP / HA solutions for firewalls
> from the public domain.  I got some Dell Celeron 433's from Ye Olde Used
> Compooter Shoppe for about 150$ total (with the extra NIC's) and an old
> hub to share the DSL modem and a small subnet of live IP's to use on
> this hub.
> I'm sure you've seen the HUT project for FreeBSD freevrrpd:
> http://www.bsdshell.net/hut_fvrrpd.html
> and it has been ported to OpenBSD by Blake Matheny
> http://www.backwatcher.com/~matheny/
> this is hard to get to compile (you need gmake for it and some other
> autoconf options)
> It was translated to an unofficial OpenBSD port by Chris Kuethe:
> http://archives.neohapsis.com/archives/openbsd/2002-07/1032.html
> I'm using the source port on one gateway and the "port" on another.  The
> "port" installs easy obviously but you end up with the same thing.
> That being said, there are problems.  The original porter (Blake
> Matheny) ported FreeVRRPD to OpenBSD (and his web site is down ATM) at
> version .84.  This works great for load balancing and HA for web
> servers, etc, but doesn't help if just 1 interface in my 8 legged
> firewall fails.  Version .85b from the HUT project added the "killer
> app" for firewalls:  Monitored Circuits!  Second, state information is
> not maintained when it fails over :(.
> So I would think that there's enough out there in the GPL area and
> enough work already done so that you wouldn't need to reinvent the
> wheel, just take the GPL'ed software already out there and finish the
> port / actively work with Sebastien Petit (the developer of FreeVRRPD)
> to keep it up to date with OpenBSD.
> I see that there are some comments on the patent issue that came in
> after this post.  This is very highly misunderstood by either me or
> them.  The heart of the matter was re-hashed 100000000 times with the
> OpenSSL thread on [email protected]  It's pretty much the same type of license:
> "Cisco  retains the right to assert patent claims against any party and
> any
> subsidiary of a party that asserts a patent it owns or controls, either
> directly or indirectly, against Cisco  or any of its subsidiaries or
> successors in title, including the right to claim damages for any prior 
> use or sale of VRRP by such a party."
> http://marc.theaimsgroup.com/?l=openbsd-misc&m=100758029726542&w=2
> http://marc.theaimsgroup.com/?l=openbsd-misc&m=102884286900348&w=2
> http://marc.theaimsgroup.com/?l=openbsd-misc&m=102902419103247&w=2
> 1) IANAL :) your mileage may vary, objects in the mirror are closer then
> they appear.
> 2) The issue is not that Cisco "owns" vrrp as a concept (they don't
> actually, they own various other protocols for HA that the open standard
> was based on).  If Cisco "owned" it, how could it be an open protocol
> with the IETF and how could Checkpoint use it flagrantly?  Finally, no
> one owns "high availability" or "shared IP solutions", since every
> vendor (even M$!) has some form or this somewhere in their products.
> 3) Cisco offered up "their" piece of the "open" protocol for free as
> long as you accept their license.  This license was not in the best
> interest of the OpenBSD project, but it COULD BE IN THE BEST INTEREST of
> one or more OpenBSD users that care more about HA then suing CISCO (see
> the last link above).
> 4) The OpenBSD team even had their own port of VRRPD see the first link
> in the list above), but wouldn't put it in the code base because it adds
> some stealth licenses to OpenBSD. (see the first link from the archives
> above).
> 5) There is nothing stopping people with no intention of litigation with
> Cisco from making their own VRRP based on the public open standard, as
> long as you promise not to sue Cisco.
> 6) The OpenBSD team could not distribute VRRP without poisoning the
> entire license for this one use, but independently making the software
> doesn't hurt anyone except people that are using it.  And the "hurt" is
> that they lose their ability to sue Cisco.
> So as long as it's not in the "core" distro or distributed by the "core"
> team, VRRP ports violate no patents and cause no licensing problems for
> OpenBSD.
> If I'm wrong, please smacketh me with a clue stick.
> > -----Original Message-----
> > From: Luca Perugini [mailto:[email protected]] 
> > Sent: Thursday, October 03, 2002 10:49 AM
> > To: [email protected]
> > Subject: R: Load balancing/failover
> > 
> > 
> > Hi,
> > I'm working on vrrp implementation on OBSD.
> > My starting point was Linux vrrp implementation done by 
> > Jerome Etienne and FreeBSD vrrp. I hope in 2 or 3 weeks to 
> > have a "running" version of vrrpd for OBSD 3.1
> > 
> > In the meaning time I send a patch around ifconfig and 'if' 
> > files to support MAC showing and MAC setting on ethernet card.
> > 
> > Luk
> > 
> >  ______________________________________________________________
> > 
> >   Ing. Luca Perugini		o mailto: [email protected]
> >        				o
> >   Oxys S.r.l.			o   Mob.: +39 335 7746997
> >   Via Gaetana Agnesi, 12	o   Off.: +39 02 58327300
> >   20135 Milano MI (ITALY)	o   Fax : +39 02 58304654
> >  ________________________________________________________________
> > 
> > 
> > 
> > 
    paranoic mickey       (my employers have changed but, the name has remained)