In a message dated: Fri, 14 Jul 2000 18:45:09 EDT
Derek Martin said:
>But, last I'd been paying attention, heartbeat does allow heartbeat over
>serial and ethernet simultaneously, and Alan (Robertson) was thinking
>about adding other methods. It's true that shared SCSI is not supported
>by heartbeat, but that probably doesn't matter much in a firewall scenario
>since you're not concerned about shared storage.

Well, what if someone is hammering your firewall with a DoS attack and you've
decided that HeartBeat is enough for you. Unless you've got Heartbeat to work
over both serial *and* ethernet, your failover node is likely to think
that the primary has failed and try to take over. Now your router gets a
gratuitous arp from the failover saying that it's now the default route into
the network and it will begin receiving the DoS packets instead. However, the
primary node wasn't shut down, so at some point the router is going to get its
MAC address as that assigned the Virtual IP, since it's doing ARP requests
periodically. So you'll have the MAC table on the router flipping between 2
systems for the same IP address. That can cause problems.

It's much better to not have the failover node take over in this case.
However, if you're only using heartbeat over ethernet, this could be a
problem.

I'd rather have the quorum disk as a mechanism which won't get bogged down if
the system's ethernet is getting flooded. You don't need to actually use the
drive for storage, you can just use it for quorum. Granted, it's wasted
space, with the smallest drives being 9GB now, but you can probably find
an "old" 1, 2, or 4GB disk somewhere :)

I'd rather be safe than sorry (or paged at 3:00 a.m. :)

--
Seeya,
Paul
----
"I always explain our company via interpretive dance.
I meet lots of interesting people that way."
Niall Kavanagh, 10 April, 2000
If you're not having fun, you're not doing it right!
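
The MAC flipping for the Virtual IP described in the message above can be detected from ARP observations on the router-facing segment. The following is an added example, not part of the original post: the input format, the addresses (documentation ranges) and the thresholds are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample: "<epoch seconds> <IP> <MAC>" as seen in ARP replies on the
# router-facing segment. 192.0.2.1 is the (hypothetical) virtual IP.
SAMPLE = """\
1000 192.0.2.1 00:00:5e:00:53:01
1030 192.0.2.1 00:00:5e:00:53:01
1060 192.0.2.1 00:00:5e:00:53:02
1075 192.0.2.1 00:00:5e:00:53:01
1090 192.0.2.1 00:00:5e:00:53:02
1100 192.0.2.7 00:00:5e:00:53:07
1105 192.0.2.1 00:00:5e:00:53:01
4000 192.0.2.9 00:00:5e:00:53:09
9000 192.0.2.9 00:00:5e:00:53:0a
"""

def parse(text):
    """Yield (timestamp, ip, mac) tuples, skipping blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue
        yield int(parts[0]), parts[1], parts[2].lower()

def find_flapping(observations, window=120, min_changes=3):
    """Return {ip: sorted MACs} for IPs whose MAC changed >= min_changes
    times within any `window` seconds. A single change is a normal failover;
    repeated changes mean two nodes both claim the address."""
    last_mac = {}
    changes = defaultdict(deque)   # ip -> timestamps of MAC changes in window
    macs_seen = defaultdict(set)   # ip -> every MAC involved in a change
    flapping = {}
    for ts, ip, mac in sorted(observations):
        prev = last_mac.get(ip)
        last_mac[ip] = mac
        if prev is None or prev == mac:
            continue
        q = changes[ip]
        q.append(ts)
        macs_seen[ip].update((prev, mac))
        while q and ts - q[0] > window:   # drop changes older than the window
            q.popleft()
        if len(q) >= min_changes:
            flapping[ip] = sorted(macs_seen[ip])
    return flapping

if __name__ == "__main__":
    for ip, macs in find_flapping(parse(SAMPLE)).items():
        print(f"{ip}: MAC flapping between {', '.join(macs)}")
```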