>Paul Lussier wrote:
>
> In a message dated: Fri, 14 Jul 2000 16:22:24 EDT
> [EMAIL PROTECTED] said:
>
> >I have been looking at the Heartbeat documentation...and it seems to be
> >able to do what I need, which is provide a means of setting up a
> >redundant firewall that is capable of failover. What do you like/not
> >like about the heartbeat package? Is there another package that is
> >better that performs the same job as heartbeat?
>
> Yeah, the Kimberlite stuff is far more robust.
>
> Heartbeat pretty much depends upon ethernet pinging,
Are you sure? The Heartbeat documentation show configurations over
serial as well as ethernet. I was thinking of a senario where I install
a fourth network card in the
systems and link them with a crossover cable, and link them with a
serial line, or possibly two serial lines. This seems ok to me. I like
the idea of shared disk storage, but it seems like overkill for a simple
ipchains firewall. I don't mind if I'm writing a firewall log to a
separate hard disk. Also there is a watchdog driver available which in
the event of the heartbeat going dead for say a minute, will reboot the
system. This would prevent the machine from regaining it's heartbeat
after it is pronounced dead.
>Which, if you have an I/O
> problem and the primary system doesn't respind to the passive, the passive
> may try to take over, even though the primary isn't really dead. In that
> scenario you end up with 2 systems telling the router that they are the the
> same IP address.
>
> Kimberlite has 3 "hearbeat" mechanisms:
>
> serial line
> ethernet
> shared scsi disk
>
> It is entirely possible that your network I/O can be lost, but your disk I/O
> not be. In this case the failover knows the primary is still alive and to
> leave it alone to deal with it's ethernet I/O problem.
> --
> Seeya,
> Paul
> ----
> "I always explain our company via interpretive dance.
> I meet lots of interesting people that way."
> Niall Kavanagh, 10 April, 2000
>
> If you're not having fun, you're not doing it right!
>
> **********************************************************
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **********************************************************
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
