On 11/12/2012 22:13, Jan Behrend wrote: > On 12/11/2012 03:57 PM, Luca Benassi wrote: >> We're running into production and I'm wondering which solution to >> choose, so ... if you're running pf with at least some k clients ... how >> have you achieved HA? >> Docs says (for active/passive): >> 1) DB on a remote partition (like a LUN on a SAN) >> 2) DRDB >> 3) remote DB server (in HA itself) >> >> Do you run one of this? > > 2 and 3 here. I am not happy with the failover, though, because while > failing over, we might miss link down traps related to our floating > network device setup. That would leave ports unprotected. I'd love an > active/active setup.
I'd love it too ... we have no floating device at the moment but active/active would be great anyway. I think we'll start via DRDB, so that we can really go into production, and then we'll begin thinking about an active/active solution ... maybe :) Having an A/A radius+dhcp+apache stuff is (quite) easy, the pain is always the DB :/ I'd be glad to hear also the dev team ... maybe they have something in roadmap, or maybe they "no! we tryed but at the moment it's impossible for this and this reason". > I am not sure if two PF instances could be forced > into working with the same (replicated) DB. > I tried to have an external radius server just using the DB to keep the > status quo on the switches if the PF service fails, but it turns out > that the radius service heavily relys on a SOAP connection to the PF web > server, which in turn would be the SPOF then :-( > > I am very much open for new ideas related to an active/active PF setup. > I tried to start threads on this earlier but no input so far. I hope > this one stays alive ... > > Cheers Jan I saw your post after writing mine, sorry (searching "HA" in my imbox gave me a "prrrrrr" result). Luca > > > > ------------------------------------------------------------------------------ > LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial > Remotely access PCs and mobile devices and provide instant support > Improve your efficiency, and focus on delivering more value-add services > Discover what IT Professionals Know. Rescue delivers > http://p.sf.net/sfu/logmein_12329d2d > > > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > -- Dr. Luca Benassi Laboratori Guglielmo Marconi Via Porrettana 123, 40037 Pontecchio BO - ITALY Phone:+39-0516781934 Fax:+39-051846479 e-mail: [email protected] Systems & Networks Division ------------------------------------------------------------------------------ LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
