PF works only in active-passive, unless you tweak the stack to handle active-active (especially used for the portal) and active-passive (daemons) at once. Do not even try to run the dhcplisteners/pfmon/etc in active-active otherwise you will end up with performance degradations or lock issues.
You should use any heartbeat style clustering, such at Corosync/Pacemaker or Heartbeat itself. DRBD is used to sync the MySQL data. If you look at the Virtualization layer, one can potentially use the HA features in ESX. That will help if the underlaying host fails, but not if the VM itself crash. Even in virtual environments, you should use active/passive. On 2012-12-12 3:29 AM, Morris, Andi wrote: > I'm also very interested in the methods people use for PF HA. At the moment > I just have a spare PF box configured and ready to switch on should the > primary fail, but it's on my to-do list to get a proper HA setup. It's > interesting to ready that people aren't happy with the failover with DRDB. > > Cheers, > Andi > > -----Original Message----- > From: Luca Benassi [mailto:[email protected]] > Sent: 11 December 2012 21:42 > To: [email protected] > Subject: Re: [PacketFence-users] Poll (!): how do you HA your PF? > > On 11/12/2012 22:13, Jan Behrend wrote: >> On 12/11/2012 03:57 PM, Luca Benassi wrote: >>> We're running into production and I'm wondering which solution to >>> choose, so ... if you're running pf with at least some k clients ... >>> how have you achieved HA? >>> Docs says (for active/passive): >>> 1) DB on a remote partition (like a LUN on a SAN) >>> 2) DRDB >>> 3) remote DB server (in HA itself) >>> >>> Do you run one of this? >> 2 and 3 here. I am not happy with the failover, though, because while >> failing over, we might miss link down traps related to our floating >> network device setup. That would leave ports unprotected. I'd love >> an active/active setup. > I'd love it too ... we have no floating device at the moment but > active/active would be great anyway. > I think we'll start via DRDB, so that we can really go into production, and > then we'll begin thinking about an active/active solution ... maybe :) Having > an A/A radius+dhcp+apache stuff is (quite) easy, the pain is always the DB :/ > I'd be glad to hear also the dev team ... maybe they have something in > roadmap, or maybe they "no! we tryed but at the moment it's impossible for > this and this reason". > >> I am not sure if two PF instances could be forced into working with >> the same (replicated) DB. >> I tried to have an external radius server just using the DB to keep >> the status quo on the switches if the PF service fails, but it turns >> out that the radius service heavily relys on a SOAP connection to the >> PF web server, which in turn would be the SPOF then :-( >> >> I am very much open for new ideas related to an active/active PF setup. >> I tried to start threads on this earlier but no input so far. I hope >> this one stays alive ... >> >> Cheers Jan > I saw your post after writing mine, sorry (searching "HA" in my imbox gave me > a "prrrrrr" result). > > Luca > >> >> >> ---------------------------------------------------------------------- >> -------- LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free >> Trial Remotely access PCs and mobile devices and provide instant >> support Improve your efficiency, and focus on delivering more >> value-add services Discover what IT Professionals Know. Rescue >> delivers http://p.sf.net/sfu/logmein_12329d2d >> >> >> >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> > > -- > Dr. Luca Benassi > Laboratori Guglielmo Marconi > Via Porrettana 123, 40037 Pontecchio BO - ITALY > Phone:+39-0516781934 Fax:+39-051846479 e-mail: [email protected] Systems & > Networks Division > > ------------------------------------------------------------------------------ > LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely > access PCs and mobile devices and provide instant support Improve your > efficiency, and focus on delivering more value-add services Discover what IT > Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > ________________________________ > > From 1st November 2011 UWIC changed its title to Cardiff Metropolitan > University. From the 6th December 2011, as part of this change, all email > addresses which included @uwic.ac.uk have changed to @cardiffmet.ac.uk. All > emails sent from Cardiff Metropolitan University will now be sent from the > new @cardiffmet.ac.uk address. Please could you ensure that all of your > contact records and databases are updated to reflect this change. Further > information can be found on the website > here.<http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx> > > Ar Dachwedd y 1af 2011 newidiodd UWIC ei henw i Brifysgol Fetropolitan > Caerdydd. O Ragfyr 6ed, fel rhan o'r newid yma, bydd pob cyfeiriad e-bost > sy'n cynnwys @uwic.ac.uk yn newid i @cardiffmet.ac.uk. Bydd yr holl ebyst a > ddanfonir o Brifysgol Fetropolitan Caerdydd yn cael eu danfon o‘r cyfeiriad > @cardiffmet.ac.uk newydd. Gwnewch yn siwr eich bod yn diweddaru eich > cofnodion cyswllt a'ch cronfeydd data i adlewyrchu hyn. Gellir cael rhagor o > wybodaeth ar y wefan > yma.<http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx> > > ------------------------------------------------------------------------------ > LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial > Remotely access PCs and mobile devices and provide instant support > Improve your efficiency, and focus on delivering more value-add services > Discover what IT Professionals Know. Rescue delivers > http://p.sf.net/sfu/logmein_12329d2d > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
