Failover setup
Manuel Arostegui Ramirez
manuel at todo-linux.com
Tue Apr 17 16:54:33 UTC 2007
On Tuesday 17 April 2007 18:45:01 Ashley M. Kirchner wrote:
> Hi Folks,
>
> I'm looking for suggestions on how to create a failover setup at the
> office. At the moment I have a single FC6 machine that acts as our
> firewall. It uses iptables to allow inside (private network) traffic to
> get out (to the internet) and vice versa. The problem is, if this
> system were to go down in the middle of the night, I won't know about it
> till the morning and there are workers that come in early in the morning
> and can't get any work done because they have no connection.
>
> So, if I setup a second machine to be a failover system, how do I
> actually get that accomplished? Network needs to be re-routed somehow
> when the primary goes down.
>
> The current layout is, seen from the outside:
>
> INTERNET ---> CSU/DSU ---> FC6 Firewall ---> HP ProCurve Switch
>
> The ProCurve switch serves our local network (with private [static]
> IPs) The firewall is multihomed with one public ethernet and a private
> one.
>
Well, an aproach could be setting up a machine where LVS and Keepalived would
be installed BEFORE the FC6 machine and of course, you would need two
machines acting as a firewall (if I'm correct, this machine also acts a
router).
Bear in mind if you want any failover system you would need two machines, one
as a setup, of course, if not, there's no way to build a proper HA
enviroment.
Cheers
--
Manuel Arostegui Ramirez.
Electronic Mail is not secure, may not be read every day, and should not
be used for urgent or sensitive issues.
More information about the fedora-list
mailing list