Michael Schwartzkopff wrote: > Am Dienstag, 8. September 2009 20:42:25 schrieb Christoph Lechner: >> Michael Schwartzkopff wrote: >>> Am Dienstag, 8. September 2009 20:15:31 schrieb Christoph Lechner: >>> (...) >>> >>>> For the production setup I planned the Ethernet replication link and a >>>> serial null modem cable. I know the serial cable can really slow down a >>>> CRM based setup. But I'm going to pay the price because if I mess the >>>> firewall two independent Ethernet links still don't prevent a >>>> split-brain. >>> Do NOT use serail interconnects any more. No possiblilty for serial lines >>> in openais any more. And they are definitely too slow for recent cluster >>> managers. >> OK. What should I use then? Two independent Ethernet links? >> >> I'm really afraid of screwing the firewall setup only for a few seconds >> and having a split-brain afterwards. > > ??? Firewall ??? > > Why do you need a DRBD for a firewall??? A firewall is a classic example for > NO- > shared data. What I wrote is maybe a little bit confusing. To clearify: The two machines aren't firewalls. They're web and mail servers mounted in a collocation rack. There's no DMZ or something linke that. Unfirewalled Internet on the Ethernet plugs. But every machine has an IPTables firewall to block unwanted access from the Internet. Of course the replication link has no strict firewall policy. But given the case I make a mistake when changing the firewall settings, the replication links and the Heartbeat communication might break.
> > If you want to use DRBD use two independend etherner channels and make a bond > interface. Again, messing the local firewall would break it. I guess we're talking at cross-purposes. - cl _______________________________________________ Linux-HA mailing list [email protected] http://lists.linux-ha.org/mailman/listinfo/linux-ha See also: http://linux-ha.org/ReportingProblems
