[Fedora] Re: Failover setup

Rick Stevens rstevens at internap.com
Tue Apr 17 19:58:02 UTC 2007 

On Tue, 2007-04-17 at 14:23 -0400, Ferguson, Michael wrote:
> May I suggest:
> Two different broadband lines each with its individual firewall/router
> Configure your DNS to hand out the two default gateways.
> If one fails the second one is already in the search path. No???

Most systems won't accept multiple default routes.  Better bet:

	Two broadband lines, each with firewall/router
	One Linux box with three NICs acting as the router

Configure the inside network boxes to use the Linux box as the router. 

Set up one NIC on the Linux box as the internal network.  Bond the other
two NICs in mode 1 (failover) and connect one to each of the broadband
connections.  The Linux box will fail over from one "public" NIC to the
other if the primary fails.  You still have a single point of failure
(the Linux box), but you have redundant broadband links.

	              ---------------
	broadband<--->|eth0         |
	              | (bond)  eth2|<--->internal network
	broadband<--->|eth1         |
	              ---------------
	                 Linux box

That should work.
> 
> 
> 
> 
> -----Original Message-----
> From: fedora-list-bounces at redhat.com [mailto:fedora-list-bounces at redhat.com]
> On Behalf Of Ashley M. Kirchner
> Sent: Tuesday, April 17, 2007 1:58 PM
> To: For users of Fedora
> Subject: Re: [Fedora] Re: Failover setup
> 
> 
>     What happens if/when the LVS goes down?  Connections that are supposed
> to go through it are (once again) dead?  No, I'm not trying to figure out
> every single possible point of failure here, I'm just trying to figure out
> what happens when something that acts as a controller for many happens to go
> >poof< ...
> 
>     See, our biggest problem here is that we have several public servers at
> three different locations, and we ned to be able to get to those machines
> from here.  If our firewall here goes down, we can't get anywhere, let alone
> to our remote offices.  So in a sense, that firewall is our single point of
> failure (if I look past the CSU/DSU.)  So I'm looking at ways to "fix" or
> aliviate this part of our operation...
> 
> 
> --
> W | It's not a bug - it's an undocumented feature.
>   +--------------------------------------------------------------------
>   Ashley M. Kirchner <mailto:ashley at pcraft.com>   .   303.442.6410 x130
>   IT Director / SysAdmin / Websmith             .     800.441.3873 x130
>   Photo Craft Imaging                       .     3550 Arapahoe Ave. #6
>   http://www.pcraft.com ..... .  .    .       Boulder, CO 80303, U.S.A.
> 
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
> 
----------------------------------------------------------------------
- Rick Stevens, Principal Engineer             rstevens at internap.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-      Batteries not included.  Offer not valid in some states.      -
-           Your mileage may vary.  Void where prohibited.           -
----------------------------------------------------------------------

More information about the fedora-list mailing list