Re: [Fedora] Re: Failover setup

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



El Martes, 17 de Abril de 2007 23:40, tom escribió:
> On Tue, 17 Apr 2007, Ashley M. Kirchner wrote:
> > Rick Stevens wrote:
> >> You still have a single point of failure
> >> (the Linux box), but you have redundant broadband links.
> >
> >   Guys, the problem isn't the lines going down.  We have a Cisco router
> > handling two T1s coming in and it does just fine whenever some  idiot
> > contractor decides to slice a cable somewhere in town.  That's not where
> > my problem is.  My problem is the firewall that sits between the Cisco
> > and our internal network.  That's what I'm trying to figure out some kind
> > of failover setup.
>
> I'm a few light years away from being a network guru, so grab a large
> block of salt here. However...
>
> >From what I understand of your setup, you are worried about a the firewall
>
> machine getting wonky, and not the router. The router talks to two
> different broadband connections, and the firewall sits between the router
> and inside.
>
> How about something like such: connect an inside machine via both the
> network and something else which can force a reboot, either a serial
> link to the firewall box with root priveledges, or a software controled
> power switch. Now periodically, say once every two minutes, run
> a traceroute to one or more of the outside destinations which your people
> need to get to (preferably destinations that you actually control, lets
> not be rude to slashdot or redhat for obvious reasons.) When the
> traceroute fails, look at the failure point. If things fail at the
> firewall, force the reboot. If a full traceroute is too heavy, try a
> single packet ping, followed by a traceroute when the ping gets hosed
> twice in a row. Slightly more complicated scripting, probably
> significantly less network load.
>
> Possibly a slightly stronger alternative would be to combine the router
> and firewall, but apparently somebody doesn't want to do so. (And I'd be
> that somebody, as I'm not sure I could get the firewall and routes going
> correctly at the same time.)
>
> Hope this helps, and thanks to all for the bandwidth.

I don't see the point there, actually, It's much more easier to set up 
LVS+Keepaliver or Ultramonkey and every case will be cover, if the firewall1 
fails, the other one will route all the clients, and viceversa.

-- 
Manuel Arostegui Ramirez.

Electronic Mail is not secure, may not be read every day, and should not
be used for urgent or sensitive issues.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux