[Fedora] Re: Failover setup
Manuel Arostegui Ramirez
manuel at todo-linux.com
Tue Apr 17 21:51:04 UTC 2007
On Tuesday, 17 April 2007 23:40, tom wrote:
> On Tue, 17 Apr 2007, Ashley M. Kirchner wrote:
> > Rick Stevens wrote:
> >> You still have a single point of failure
> >> (the Linux box), but you have redundant broadband links.
> >
> > Guys, the problem isn't the lines going down. We have a Cisco router
> > handling two T1s coming in and it does just fine whenever some idiot
> > contractor decides to slice a cable somewhere in town. That's not where
> > my problem is. My problem is the firewall that sits between the Cisco
> > and our internal network. That's what I'm trying to figure out some kind
> > of failover setup.
>
> I'm a few light years away from being a network guru, so grab a large
> block of salt here. However...
>
> From what I understand of your setup, you are worried about the firewall
> machine getting wonky, and not the router. The router talks to two
> different broadband connections, and the firewall sits between the router
> and inside.
>
> How about something like such: connect an inside machine via both the
> network and something else which can force a reboot, either a serial
> link to the firewall box with root privileges, or a software controlled
> power switch. Now periodically, say once every two minutes, run
> a traceroute to one or more of the outside destinations which your people
> need to get to (preferably destinations that you actually control, let's
> not be rude to slashdot or redhat for obvious reasons.) When the
> traceroute fails, look at the failure point. If things fail at the
> firewall, force the reboot. If a full traceroute is too heavy, try a
> single packet ping, followed by a traceroute when the ping gets hosed
> twice in a row. Slightly more complicated scripting, probably
> significantly less network load.
>
> Possibly a slightly stronger alternative would be to combine the router
> and firewall, but apparently somebody doesn't want to do so. (And I'd be
> that somebody, as I'm not sure I could get the firewall and routes going
> correctly at the same time.)
>
> Hope this helps, and thanks to all for the bandwidth.
I don't see the point there, actually. It's much easier to set up
LVS+Keepalived or Ultramonkey and every case will be covered: if firewall1
fails, the other one will route all the clients, and vice versa.
--
Manuel Arostegui Ramirez.
Electronic Mail is not secure, may not be read every day, and should not
be used for urgent or sensitive issues.
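
The ping-then-traceroute check proposed in the quoted message, as an added shell example that is not part of the original thread. The addresses, the state-file path and the function names are assumptions, and the sample trace is constructed.

```shell
#!/bin/sh
# Added example. All addresses and paths below are assumptions.
FIREWALL_IP="10.0.0.1"     # firewall's inside interface (first hop)
TARGET_IP="192.0.2.10"     # outside host you control
STATE_FILE="${STATE_FILE:-/tmp/fw-watchdog.fails}"

# Constructed sample of `traceroute -n` output: firewall answers, nothing behind it does.
SAMPLE_TRACE='traceroute to 192.0.2.10 (192.0.2.10), 15 hops max, 60 byte packets
 1  10.0.0.1  0.412 ms  0.389 ms  0.377 ms
 2  * * *
 3  * * *'

# Read `traceroute -n` output on stdin and report where the path stops.
# $1 = firewall IP, $2 = destination IP. Prints ok | firewall | upstream.
classify_trace() {
    awk -v fw="$1" -v dst="$2" '
        /^traceroute/ { next }                  # skip the header line
        {   # remember the last IPv4 address that answered on any hop
            for (i = 2; i <= NF; i++)
                if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) last = $i
        }
        END {
            if (last == dst) print "ok"
            else if (last == "" || last == fw) print "firewall"
            else print "upstream"
        }'
}

# Track consecutive ping failures. $1 = ping exit status; prints the new count.
record_ping() {
    fails=$(cat "$STATE_FILE" 2>/dev/null || echo 0)
    if [ "$1" -eq 0 ]; then fails=0; else fails=$(( ${fails:-0} + 1 )); fi
    echo "$fails" > "$STATE_FILE"
    echo "$fails"
}

# One watchdog pass: single ping, traceroute only after two failures in a row.
run_check() {
    rc=0
    ping -c 1 -W 2 "$TARGET_IP" >/dev/null 2>&1 || rc=$?
    fails=$(record_ping "$rc")
    if [ "$fails" -lt 2 ]; then return 0; fi
    verdict=$(traceroute -n -w 2 -m 15 "$TARGET_IP" 2>/dev/null |
              classify_trace "$FIREWALL_IP" "$TARGET_IP")
    echo "ping failed $fails times in a row, trace verdict: $verdict"
    # a "firewall" verdict is the case where the post would trigger its reboot hook
}
```

Calling run_check from cron every two minutes matches the interval suggested in the quoted message; an "upstream" verdict means the firewall passed traffic and should be left alone.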