I realize that answering questions like this isn't the purpose of this
list, however I can't think of a better place to find a bunch of people
with an interest in Linux and high-availability, and would be grateful
should the moderators choose to let this one through.
I'm looking at implementing redundant/failover routers using VRRP with
keepalived, and would love to know of a way to get iptables state to
transfer from one machine to another. OpenBSD's pfsync will do the
equivalent with the OpenBSD pf firewall system, but I really don't want
to go with CARP/pfsync simply because I am more comfortable with Linux
than *BSD (which is not to say that I wouldn't love to get equally
familiar with *BSD, it's just that this is going in a production
environment). Anyway, my understanding now is that with something like
keepalived, the backup router could tell the master has died and take
over, but all ip_conntrack state would be lost, so existing connections
would be terminated and have to be restarted. This isn't a situation
that will end the world or the usefulness of redundant routers, but is
inconvenient. The CARP/pfsync folks claim to have had four clustered
routers told to reboot randomly over a period of two days, and as long
as one of them was up at any given time, no one on the associated
network noticed. Are Linux packages available to do this kind of thing?
While I'm at it, what's Cisco's big beef about VRRP, and what's the
keepalived response? I hear rumors of patent arguments, etc...
Sorry for the not quite on topic question, and my thanks to any respondents.
--
Josh Tolley
Raintree Systems, Inc.
http://www.raintreeinc.com
760 509 9000