I'm also very interested in the methods people use for PF HA. At the moment I just have a spare PF box configured and ready to switch on should the primary fail, but it's on my to-do list to get a proper HA setup. It's interesting to ready that people aren't happy with the failover with DRDB.
Cheers, Andi -----Original Message----- From: Luca Benassi [mailto:[email protected]] Sent: 11 December 2012 21:42 To: [email protected] Subject: Re: [PacketFence-users] Poll (!): how do you HA your PF? On 11/12/2012 22:13, Jan Behrend wrote: > On 12/11/2012 03:57 PM, Luca Benassi wrote: >> We're running into production and I'm wondering which solution to >> choose, so ... if you're running pf with at least some k clients ... >> how have you achieved HA? >> Docs says (for active/passive): >> 1) DB on a remote partition (like a LUN on a SAN) >> 2) DRDB >> 3) remote DB server (in HA itself) >> >> Do you run one of this? > > 2 and 3 here. I am not happy with the failover, though, because while > failing over, we might miss link down traps related to our floating > network device setup. That would leave ports unprotected. I'd love > an active/active setup. I'd love it too ... we have no floating device at the moment but active/active would be great anyway. I think we'll start via DRDB, so that we can really go into production, and then we'll begin thinking about an active/active solution ... maybe :) Having an A/A radius+dhcp+apache stuff is (quite) easy, the pain is always the DB :/ I'd be glad to hear also the dev team ... maybe they have something in roadmap, or maybe they "no! we tryed but at the moment it's impossible for this and this reason". > I am not sure if two PF instances could be forced into working with > the same (replicated) DB. > I tried to have an external radius server just using the DB to keep > the status quo on the switches if the PF service fails, but it turns > out that the radius service heavily relys on a SOAP connection to the > PF web server, which in turn would be the SPOF then :-( > > I am very much open for new ideas related to an active/active PF setup. > I tried to start threads on this earlier but no input so far. I hope > this one stays alive ... > > Cheers Jan I saw your post after writing mine, sorry (searching "HA" in my imbox gave me a "prrrrrr" result). Luca > > > > ---------------------------------------------------------------------- > -------- LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free > Trial Remotely access PCs and mobile devices and provide instant > support Improve your efficiency, and focus on delivering more > value-add services Discover what IT Professionals Know. Rescue > delivers http://p.sf.net/sfu/logmein_12329d2d > > > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > -- Dr. Luca Benassi Laboratori Guglielmo Marconi Via Porrettana 123, 40037 Pontecchio BO - ITALY Phone:+39-0516781934 Fax:+39-051846479 e-mail: [email protected] Systems & Networks Division ------------------------------------------------------------------------------ LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users ________________________________ From 1st November 2011 UWIC changed its title to Cardiff Metropolitan University. From the 6th December 2011, as part of this change, all email addresses which included @uwic.ac.uk have changed to @cardiffmet.ac.uk. All emails sent from Cardiff Metropolitan University will now be sent from the new @cardiffmet.ac.uk address. Please could you ensure that all of your contact records and databases are updated to reflect this change. Further information can be found on the website here.<http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx> Ar Dachwedd y 1af 2011 newidiodd UWIC ei henw i Brifysgol Fetropolitan Caerdydd. O Ragfyr 6ed, fel rhan o'r newid yma, bydd pob cyfeiriad e-bost sy'n cynnwys @uwic.ac.uk yn newid i @cardiffmet.ac.uk. Bydd yr holl ebyst a ddanfonir o Brifysgol Fetropolitan Caerdydd yn cael eu danfon o‘r cyfeiriad @cardiffmet.ac.uk newydd. Gwnewch yn siwr eich bod yn diweddaru eich cofnodion cyswllt a'ch cronfeydd data i adlewyrchu hyn. Gellir cael rhagor o wybodaeth ar y wefan yma.<http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx> ------------------------------------------------------------------------------ LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
