What separates web farms, and most other internet services, from
firewalls is that most internet servers don't really care what
there IP address is, and neither does a client of that service.
With a firewall, IP addresses are extremely important. Sure, you
can write an IPChains script using domain names for most things,
but an internal machine needs to know the IP address of the
firewall, or an internal router needs to know it. So, in order to
cluster a firewall, you would need one node to assume all IP
addresses of the hung system, and you would need some way to kill
the hung box so that there is no way it can come back up
unexpectedly. If two firewalls suddenly exist on the same network
with all of the same IP addresses, you have just found the most
efficient way of taking down both the internal and external
networks ;-) Cisco has a box called the Local Director that
handles this, but as with all things Cisco, it costs. As for Open
Source systems that do it, the names that I have heard tossed
around are Ultramonkey (VA), Pirhanna (RedHat), LVS (??), and
Kimberlite (MCLX).
Kenny
Bruce Dawson wrote:
>
> I'm not sure what you're looking for, but this may be it:
>
> http://ultramonkey.sourceforge.net
>
> ...Ultra Monkey is a project to build scalable server solution using
> Open Source components on the Linux Operating System. Ultra Monkey has
> grown from a technology demonstration shown at Linux World, New York in
> February 2000. At this stage the focus is on producing a scalable,
> highly available web farm, though the technology is easily expandable to
> other services such as email and FTP. ...
>
> [EMAIL PROTECTED] wrote:
> >
> > I am looking for information on setting up a IPchains Firewall system
> > with redundant servers, and failover capability. I have been looking,
> > and have found some information on commercial products that provide
> > these capabilities, but I wanted to know if anyone else on the list
> > knows of any projects, or products that will do this.
>
> **********************************************************
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **********************************************************
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
