
RE: Load balancing/failover



> Example #2 Failover without load balancing:
> This solution is not available at the moment.
> It should permit redundancy between PF1 and PF2 and needs a direct link
> between the 2 boxes.
> So there are various questions about:
> - what type of link? USB? RJ-45?
> - in what way will the 2 boxes receive the traffic?
> I mean, if they have 1 IP for each interface, how will the router send them
> packets?

Hi,

I was late in writing to the list. Sorry...
I'm working on this subject as my graduation project.
I'm a senior CS student and my exact topic is
"Implementing a failover system for OpenBSD's pf".

In this project my goals are making pf exchange state table
changes with an IP multicast group and creating an alternative to VRRP.
As you know, any VRRP implementation cannot be shipped with
OpenBSD because of Cisco's patent issues.

I'm planning to exchange the state table info via IP multicasting.
This will let us implement a more scalable system. More than
two firewalls can participate in this fail-over network.
Also this can let us implement edge load balancing (load balancing
on the network layer, not in the application layer as described in
dharmeier's "design & performance" paper).

A little answer to your question about IPs or using a hub is
as stated above. We can easily manage this by using a VRRP-like
system (but we shouldn't use VRRP).

Any comments on this subject? I didn't write about other issues
(authentication of messages, group labeling, etc.).
If we can discuss this topic further I'll be happy to share
ideas.

Regards,
Berk Demir
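
The state exchange proposed in the message above, sketched as an added example that is not part of the original post and is not pf code: a receiver that accepts state-table changes from several peer firewalls only when the message authenticates and is not a replay. The wire format, the pre-shared HMAC-SHA256 key and the per-sender sequence numbers are all assumptions made for illustration; the multicast transport itself is left out.

```python
import hashlib
import hmac
import struct

# Hypothetical wire format (not pf's): sender id, sequence number, action,
# protocol, src addr/port, dst addr/port, followed by an HMAC-SHA256 tag.
HDR = struct.Struct("!IQBB4sH4sH")
TAG_LEN = hashlib.sha256().digest_size
ADD, DEL = 1, 2

def pack_update(key, sender, seq, action, proto, src, sport, dst, dport):
    body = HDR.pack(sender, seq, action, proto, src, sport, dst, dport)
    return body + hmac.new(key, body, hashlib.sha256).digest()

class StateReceiver:
    """Applies authenticated state changes from any number of peers."""

    def __init__(self, key):
        self.key = key
        self.last_seq = {}   # sender id -> highest sequence accepted
        self.states = set()  # (proto, src, sport, dst, dport)

    def handle(self, datagram):
        if len(datagram) != HDR.size + TAG_LEN:
            return "drop: bad length"
        body, tag = datagram[:HDR.size], datagram[HDR.size:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time compare
            return "drop: bad tag"
        sender, seq, action, *state = HDR.unpack(body)
        if seq <= self.last_seq.get(sender, 0):
            return "drop: replayed or stale"
        if action not in (ADD, DEL):
            return "drop: unknown action"
        self.last_seq[sender] = seq
        if action == ADD:
            self.states.add(tuple(state))
        else:
            self.states.discard(tuple(state))
        return "applied"

def demo():
    key = b"constructed-demo-key"  # constructed sample, not a real key
    rx = StateReceiver(key)
    src, dst = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5])
    add = pack_update(key, 1, 1, ADD, 6, src, 40000, dst, 443)
    forged = add[:-1] + bytes([add[-1] ^ 1])  # one flipped bit in the tag
    other = pack_update(key, 2, 1, DEL, 6, src, 40000, dst, 443)
    return [rx.handle(m) for m in (forged, add, add, other)], rx.states
```

Keeping one sequence counter per sender is what lets more than two firewalls take part without one peer's numbering invalidating another's.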