[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Load balancing/failover
as much as this is an offtopic, imho,
you should do some more reading.
an ietf/vrrp mailing list is a good start, i believe.
Making, drinking tea and reading an opus magnum from Robert Schwartz:
> Great news! There has been some interesting movement on the VRRP front.
> I have it running at home actually and I am more then willing (and
> hopefully able) to test any and all VRRP / HA solutions for firewalls
> from the public domain. I got some Dell Celeron 433's from Ye Olde Used
> Compooter Shoppe for about 150$ total (with the extra NIC's) and an old
> hub to share the DSL modem and a small subnet of live IP's to use on
> this hub.
> I'm sure you've seen the HUT project for FreeBSD freevrrpd:
> and it has been ported to OpenBSD by Blake Matheny
> this is hard to get to compile (you need gmake for it and some other
> autoconf options)
> It was translated to an unofficial OpenBSD port by Chris Kuethe:
> I'm using the source port on one gateway and the "port" on another. The
> "port" installs easy obviously but you end up with the same thing.
> That being said, there are problems. The original porter (Blake
> Matheny) ported FreeVRRPD to OpenBSD (and his web site is down ATM) at
> version .84. This works great for load balancing and HA for web
> servers, etc, but doesn't help if just 1 interface in my 8 legged
> firewall fails. Version .85b from the HUT project added the "killer
> app" for firewalls: Monitored Circuits! Second, state information is
> not maintained when it fails over :(.
> So I would think that there's enough out there in the GPL area and
> enough work already done so that you wouldn't need to reinvent the
> wheel, just take the GPL'ed software already out there and finish the
> port / actively work with Sebastien Petit (the developer of FreeVRRPD)
> to keep it up to date with OpenBSD.
> I see that there are some comments on the patent issue that came in
> after this post. This is very highly misunderstood by either me or
> them. The heart of the matter was re-hashed 100000000 times with the
> OpenSSL thread on [email protected] It's pretty much the same type of license:
> "Cisco retains the right to assert patent claims against any party and
> subsidiary of a party that asserts a patent it owns or controls, either
> directly or indirectly, against Cisco or any of its subsidiaries or
> successors in title, including the right to claim damages for any prior
> use or sale of VRRP by such a party."
> 1) IANAL :) your mileage may vary, objects in the mirror are closer then
> they appear.
> 2) The issue is not that Cisco "owns" vrrp as a concept (they don't
> actually, they own various other protocols for HA that the open standard
> was based on). If Cisco "owned" it, how could it be an open protocol
> with the IETF and how could Checkpoint use it flagrantly? Finally, no
> one owns "high availability" or "shared IP solutions", since every
> vendor (even M$!) has some form or this somewhere in their products.
> 3) Cisco offered up "their" piece of the "open" protocol for free as
> long as you accept their license. This license was not in the best
> interest of the OpenBSD project, but it COULD BE IN THE BEST INTEREST of
> one or more OpenBSD users that care more about HA then suing CISCO (see
> the last link above).
> 4) The OpenBSD team even had their own port of VRRPD see the first link
> in the list above), but wouldn't put it in the code base because it adds
> some stealth licenses to OpenBSD. (see the first link from the archives
> 5) There is nothing stopping people with no intention of litigation with
> Cisco from making their own VRRP based on the public open standard, as
> long as you promise not to sue Cisco.
> 6) The OpenBSD team could not distribute VRRP without poisoning the
> entire license for this one use, but independently making the software
> doesn't hurt anyone except people that are using it. And the "hurt" is
> that they lose their ability to sue Cisco.
> So as long as it's not in the "core" distro or distributed by the "core"
> team, VRRP ports violate no patents and cause no licensing problems for
> If I'm wrong, please smacketh me with a clue stick.
> > -----Original Message-----
> > From: Luca Perugini [mailto:[email protected]]
> > Sent: Thursday, October 03, 2002 10:49 AM
> > To: [email protected]
> > Subject: R: Load balancing/failover
> > Hi,
> > I'm working on vrrp implementation on OBSD.
> > My starting point was Linux vrrp implementation done by
> > Jerome Etienne and FreeBSD vrrp. I hope in 2 or 3 weeks to
> > have a "running" version of vrrpd for OBSD 3.1
> > In the meaning time I send a patch around ifconfig and 'if'
> > files to support MAC showing and MAC setting on ethernet card.
> > Luk
> > ______________________________________________________________
> > Ing. Luca Perugini o mailto: [email protected]
> > o
> > Oxys S.r.l. o Mob.: +39 335 7746997
> > Via Gaetana Agnesi, 12 o Off.: +39 02 58327300
> > 20135 Milano MI (ITALY) o Fax : +39 02 58304654
> > ________________________________________________________________
paranoic mickey (my employers have changed but, the name has remained)