On Thursday, 5 March 2009 17:12:44, Chris Price wrote:
> I am implementing a redundant router-firewall solution with
> active/passive failover for a 'floating' ip on BOTH the Internal and
> External interfaces. I'm a bit confused at the moment by the
> documentation, so I'd like to ask for some clarification/direction on
> how to best proceed.
>
> Scenario:
>
>                      External Fail-over IP: 10.10.10.1
>                          /                        \
> -----------------------------------------   -----------------------------------------
> | Firewall 1                            |   | Firewall 2                            |
> | External interface eth0: 10.10.10.2   |   | External interface eth0: 10.10.10.3   |
> | Internal interface eth1: 192.168.1.2  |   | Internal interface eth1: 192.168.1.3  |
> -----------------------------------------   -----------------------------------------
>                          \                        /
>                      Internal Fail-over IP: 192.168.1.1
>
> The heartbeat can be accomplished by serial, ucast, bcast or whatever
> is best. Again, this is an active/passive setup, with the 'fail-over'
> IPs only active on one node at a time.

You could read my HOWTO at www.multinet.de/HAFirewall/

> Note that the active node in the cluster will also be configured as a
> LVS director, providing load balanced services for http/https servers on
> the Internal network. I assume that the LVS startup can be handled by
> linux-ha as a call to an external script on node failover (my
> understanding of linux-ha is running thin here)?

Yes. Just use the ldirectord resource.

-- 
Dr. Michael Schwartzkopff
MultiNET Services GmbH
Address: Bretonischer Ring 7; 85630 Grasbrunn; Germany
Tel: +49 - 89 - 45 69 11 0
Fax: +49 - 89 - 45 69 11 21
mob: +49 - 174 - 343 28 75
web: www.multinet.de
Registered office: 85630 Grasbrunn
Commercial register: Amtsgericht München HRB 114375
Managing directors: Günter Jurgeneit, Hubert Martens
---
PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
Skype: misch42
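
The setup discussed in this thread, sketched as a cluster configuration in crm shell syntax. This is an added example, not taken from the post or from the HOWTO it links to; the /24 netmasks, the resource names, the monitor intervals and the ldirectord.cf path are assumptions.

```crmsh
# Floating external address, bound to eth0 on whichever node is active.
# The /24 netmask is an assumption; the thread does not state it.
primitive ip_ext ocf:heartbeat:IPaddr2 \
    params ip="10.10.10.1" cidr_netmask="24" nic="eth0" \
    op monitor interval="10s"

# Floating internal address, bound to eth1 on the same node.
primitive ip_int ocf:heartbeat:IPaddr2 \
    params ip="192.168.1.1" cidr_netmask="24" nic="eth1" \
    op monitor interval="10s"

# LVS director, managed through the ldirectord resource agent.
# The config file path is an assumed location.
primitive lvs_director ocf:heartbeat:ldirectord \
    params configfile="/etc/ha.d/ldirectord.cf" \
    op monitor interval="20s"

# A group colocates its members and starts them in order, so both
# floating IPs and the director always sit on the same firewall.
# Without it, the external IP could run on one node and the internal
# IP on the other, and return traffic would bypass the active
# firewall's connection state.
group fw_active ip_ext ip_int lvs_director
```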
