|
On Tue, May 08, 2001 at 02:19:09AM +0200, Lionel COTTIN wrote:
> I don't know how CheckPoint made this, but when a node becomes unavailable
> (external interface unplugged for example), the other node "take over"
> immediately, without interupting http,https sessions or vpn sessions !
>
> Because of the prohibitive cost of this solution, I have made some searches
> on the web to find out how to do this with linux boxes and netfilter,
> without success :(
Hi
There has been some discussion of how to do this on the netfilter-failover
list (http://lists.gnumonks.org/mailman/listinfo/netfilter-failover).
Unfortunately discussion has more or less died lately.
I was interested in doing some work on this myself but for a variety of
reasons I haven't got there yet (and to be honest I had forgoten about it).
Without going into too much detail what you need to to is have information
about acctive connections shared between the two machines, such that if one
machine fails, the other has enough state to keep the connection going.
Under 2.4.x this would tie quite nicely into the netfilter architecture, if
hooks were inserted at the right points.
See:
http://lists.gnumonks.org/pipermail/netfilter-failover/2001-February/000010.html
http://lists.gnumonks.org/pipermail/netfilter-failover/2001-February/000041.html
--
Horms
horms@xxxxxxxxxxxx
http://vergenet.net/~horms/
|
