What seems to be the "normal" way to do this is pretty much as Jeff Bachtel
described.

Check out www.linux-ha.org for lots of HA links for Linux. I'm confident
that enough will be ported / portable to *BSD to solve your problem.

In summary, you have a dedicated 'heartbeat' link between the two machines.
Both machines have a pair of real IPs and they share / cluster a pair of
'virtual' IPs. I like serial + ethernet. When there is a failure you need to
talk the failed machine into giving up the two clustered IPs and take them
over on the standby machine. Using ping to detect the failure is probably
suboptimal, though.

To solve the ARP problem it's normal to send a bunch of "gratuitous ARPs" to
flush out the arp caches around the network. The test (linux) machines I've
set up as proof-of-concept were amazingly simple and worked well. Failover
times were roughly 10-15 seconds, though, which is too slow for some people.

The restoral of the primary is all taken care of by the HA daemon.

I do agree, however, that a hot standby is much simpler - if you have staff
levels such that someone can do the manual replugging.

Cheers,

--
Ben Nagy
Network Consultant, Volante Solutions
PGP Key ID: 0x1A86E304  Mobile: +61 414 411 520  
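Added example, not code from either poster: a Python model of the standby-side logic Ben describes (heartbeats over a serial and an ethernet link, takeover only when both fall silent, then gratuitous ARPs for the shared IPs), which also shows why a single dead cable must not trigger the ARP battle Jeffery warns about. Link names, the MAC and the addresses are constructed.

```python
import ipaddress
import struct

# Constructed example, not from the thread: a standby's takeover decision fed
# by heartbeats on two links. Link names, MAC and addresses are all assumed.
LINKS = ("serial", "ether")
STANDBY_MAC = "02:00:00:00:00:02"      # constructed MAC of the standby
VIPS = ("192.0.2.1", "198.51.100.1")  # constructed shared (virtual) IPs

def build_gratuitous_arp(mac: str, ip: str) -> bytes:
    """Broadcast ARP request with sender IP == target IP; neighbours caching
    the old primary's MAC for the VIP overwrite their entry on seeing it."""
    sha = bytes.fromhex(mac.replace(":", ""))
    spa = ipaddress.IPv4Address(ip).packed
    ether = b"\xff" * 6 + sha + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + sha + spa + b"\x00" * 6 + spa
    return ether + arp

class Standby:
    def __init__(self, links, dead_after, now):
        self.links, self.dead_after = frozenset(links), dead_after
        self.last_seen = {link: now for link in links}
        self.state = "standby"

    def heard(self, link, now):
        self.last_seen[link] = now

    def dead_links(self, now):
        return {l for l in self.links if now - self.last_seen[l] > self.dead_after}

    def tick(self, now):
        # A single silent link (bad cable, bad NIC) is not proof the primary
        # is down; promoting on it leaves both boxes answering for the VIPs.
        if self.state != "standby" or self.dead_links(now) != self.links:
            return []
        self.state = "primary"  # take over the VIPs, then announce them
        return [build_gratuitous_arp(STANDBY_MAC, v) for v in VIPS for _ in range(3)]

def replay(trace, dead_after=3):
    """trace[i]: set of links that carried a heartbeat during second i+1."""
    standby, frames = Standby(LINKS, dead_after, now=0), []
    for now, heard in enumerate(trace, start=1):
        for link in heard:
            standby.heard(link, now)
        frames += standby.tick(now)
    return standby.state, frames

# Constructed traces: ether lost from second 3 (cable fault) vs. both lost.
CABLE_FAULT = [set(LINKS)] * 2 + [{"serial"}] * 6
PRIMARY_DOWN = [set(LINKS)] * 2 + [set()] * 6
```

The block only builds the 42-byte frames; actually putting them on the wire needs a raw socket and root, and the real IP takeover (ifconfig alias or equivalent) is left to the HA daemon.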


> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]
> Sent: Friday, 18 August 2000 5:36 AM
> To: Jeff Bachtel; [EMAIL PROTECTED]
> Subject: Re: Redundant OpenBSD
> 
> #For a routing firewall (ie from NAT to public space, or a gateway
> #machine acting as a firewall), have your failover machine inside the
> #trusted network pinging the private (gateway) interface of the normal
> #firewall. On a failure, have the failover machine change its ip
> #address on its private interface to that of the gateway, and have it
> #bring up the public interface (which should be on the same network
> #segment as the public interface for the production firewall).
> 
> This would probably work 80% of the time but there are some instances
> where it would not work.  If the primary firewall has a bad internal
> network card or there is a network problem (i.e. bad cable or something)
> that prevents the ping from reaching the primary firewall then when the
> secondary firewall assumes the IP address of the primary you will see an
> ARP battle.  Both of the external interfaces will answer to the same IP
> address.  Also, if you do implement this you will want each firewall to
> have its own IP address and then use a shared IP address that is
> advertised as the gateway to your network and is assumed by whoever is the
> primary.  I have seen this idea implemented and it ended up being more
> trouble than it was worth.  A hot standby configured exactly the same where
> you just plug in the cables would be less hassle and almost as good.  You
> would also have to work out a way for the primary to come back up as a
> secondary or for the secondary that has promoted itself to primary to go
> back to being a secondary when the primary comes back up.
> 
> Regards,
> Jeffery Gieser
> 
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> 