Am Mittwoch, 4. Februar 2009 17:32:11 schrieb Michele Codutti: > Il giorno mer, 04/02/2009 alle 16.16 +0100, Michael Schwartzkopff ha > > scritto: (...) > I've also a 2-node active-standby firewall setup in production. > The problem with conntrackd is that it has only one sync connection with > the other node. To solve this SPOF I wrote two RA. > - the first one starts conntrackd and checks (in the monitor action) if > the other node is alive, otherwise, restarts conntrackd with another > configuration with another communication media. > - the second simply commits the conntrack tables from the other node > when it starts. > Obviously you must co-locate the second resource to an IP resource (or > in my case another custom RA that bridges some interfaces). > The two RA are still in a work-for-me status but they proved stable for > a while. Maybe in the next days I'll post them here to gather some > comments. > want to write a OCF resource for that task to be done inside > > heartbeat you need a stateful agent. You agent below is not stateful, > > i.e. it does not unterstand promote and demote. > > > > Re-thinking: Perhaps you also could state a conntrackd clone... > > In my implementation a clone (one for every node) of the table merging > RA is enough.
What about interface bonding? -- Dr. Michael Schwartzkopff MultiNET Services GmbH Addresse: Bretonischer Ring 7; 85630 Grasbrunn; Germany Tel: +49 - 89 - 45 69 11 0 Fax: +49 - 89 - 45 69 11 21 mob: +49 - 174 - 343 28 75 mail: [email protected] web: www.multinet.de Sitz der Gesellschaft: 85630 Grasbrunn Registergericht: Amtsgericht München HRB 114375 Geschäftsführer: Günter Jurgeneit, Hubert Martens --- PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B Skype: misch42 _______________________________________________ Linux-HA mailing list [email protected] http://lists.linux-ha.org/mailman/listinfo/linux-ha See also: http://linux-ha.org/ReportingProblems
