On Thu, 13 Apr 2006, octane indice wrote:
Hello
Do you know if you can do something like carp+pfsync with linux+ipvs.
no-one has posted that they've done it.
I can do it easily with keepalived and a VRRP method and same ruleset but it
means that all connections are lost when master comes down.
you use the server synch state demon, which (as you state
below) has overhead. Any protocol that updates state
information on a backup machine is going to have overhead.
Carp is available for Linux too.
yes carp is available for linux but not pfsync which is what I need.
pfsync updates the firewall state (I believe) on the backup,
but not the ipvs connection table. Even with carp, you still
have to transfer the ipvs table.
I have 2 questions:
First is it possible to use ipvs in this way?
        .----FW backup---.
       /        |         \
INET---         |          +---LAN
       \        |         /
        `----FW master---'
a master, a backup, firewall scripts and update in real time of the
ip_conntrack?
yes, if the two FW machines are directors, that also have
firewall rules on them.
Second: and what if I add load balancing of servers from the firewall?
I don't understand this question. Do you mean updating the
virtual services with ipvsadm on the two firewall/director
machines?
Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!