On 12/11/2012 03:57 PM, Luca Benassi wrote: > We're running into production and I'm wondering which solution to > choose, so ... if you're running pf with at least some k clients ... how > have you achieved HA? > Docs says (for active/passive): > 1) DB on a remote partition (like a LUN on a SAN) > 2) DRDB > 3) remote DB server (in HA itself) > > Do you run one of this?
2 and 3 here. I am not happy with the failover, though, because while failing over, we might miss link down traps related to our floating network device setup. That would leave ports unprotected. I'd love an active/active setup. I am not sure if two PF instances could be forced into working with the same (replicated) DB. I tried to have an external radius server just using the DB to keep the status quo on the switches if the PF service fails, but it turns out that the radius service heavily relys on a SOAP connection to the PF web server, which in turn would be the SPOF then :-( I am very much open for new ideas related to an active/active PF setup. I tried to start threads on this earlier but no input so far. I hope this one stays alive ... Cheers Jan -- MAX-PLANCK-INSTITUT fuer Radioastronomie Jan Behrend - Rechenzentrum ---------------------------------------- Auf dem Huegel 69, D-53121 Bonn Tel: +49 (228) 525 359, Fax: +49 (228) 525 229 [email protected] http://www.mpifr-bonn.mpg.de
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
