On Tue, Mar 26, 2002 at 04:30:29PM -0500, Brian McGraw wrote:
> Hey folks, has anyone used iptables in a failover configuration, so if one machine
> dies, the next can take over without interruption in service. If so, how did you
> implement this?

Do you want an answer with or without connection tracking and its stateful inspection?

Without connection tracking, the usual IP- and MAC-takeover strategies can be used, or dynamic routing can be employed.

With connection tracking, and a ruleset which permits "NEW non-SYN" connection pickup, the address or routing takeover stuff still works.

If you want exchange of connection state information between two machines, there is no solution implemented (or planned, as far as I know) for now. There is a multicast-based state exchange implemented in the load balancing implementation found at www.linuxvirtualserver.org. But that's separate from the iptables conntracking.

Hope this helps.

best regards
Patrick
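
The connection-tracking case from the reply above, as an added example that is not part of the original message: a toy Python model (not netfilter code) of two firewalls with unsynchronised state tables, showing that the standby only carries an existing flow when the ruleset accepts NEW packets that are not SYNs. The rule tuples, interface names and addresses are constructed for the illustration.

```python
# Added example: a toy model, not netfilter code. Assumption: as with loose TCP
# tracking, the first packet seen for an unknown flow is classified NEW whatever
# its flags, and a state entry is kept only if the packet is accepted.

def flow_key(pkt):
    # Direction-independent key so replies match the same entry.
    return frozenset([(pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])])

def filter_packet(ruleset, table, pkt):
    """Return 'ACCEPT' or 'DROP' for pkt; table is this firewall's state set."""
    state = "ESTABLISHED" if flow_key(pkt) in table else "NEW"
    is_syn = pkt["flags"] == {"SYN"}   # simplified stand-in for a SYN-only match
    for want_state, want_syn, want_iface in ruleset:
        if want_state != state:
            continue
        if want_syn is not None and want_syn != is_syn:
            continue
        if want_iface is not None and want_iface != pkt["iface"]:
            continue
        table.add(flow_key(pkt))
        return "ACCEPT"
    return "DROP"  # default policy

# Rules are (state, syn, in-interface); None means "any". Constructed rulesets.
STRICT = [("ESTABLISHED", None, None), ("NEW", True, "lan")]   # NEW must be a SYN
PICKUP = [("ESTABLISHED", None, None), ("NEW", None, "lan")]   # NEW non-SYN allowed

def failover(ruleset):
    """Open a flow on the primary, then send its next packets to the standby."""
    client, server = ("10.0.0.5", 40000), ("192.0.2.10", 80)   # constructed hosts
    def pkt(a, b, flags, iface):
        return {"src": a[0], "sport": a[1], "dst": b[0], "dport": b[1],
                "flags": set(flags), "iface": iface}
    primary, standby = set(), set()   # separate, unsynchronised state tables
    opened = filter_packet(ruleset, primary, pkt(client, server, ["SYN"], "lan"))
    # Primary dies; the standby takes over the address with an empty table.
    early = filter_packet(ruleset, standby, pkt(server, client, ["ACK"], "wan"))
    data = filter_packet(ruleset, standby, pkt(client, server, ["ACK", "PSH"], "lan"))
    reply = filter_packet(ruleset, standby, pkt(server, client, ["ACK"], "wan"))
    return opened, early, data, reply

if __name__ == "__main__":
    print("strict:", failover(STRICT))
    print("pickup:", failover(PICKUP))
```

In this model the pickup rule is limited to the `lan` side, so a flow is re-learned only when the inside host sends its next packet; a reply arriving first from `wan` is still dropped.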
