Hello Francois,

On 12/12/2012 07:43 PM, Francois Gaudreault wrote:
> PF works only in active-passive, unless you tweak the stack to handle
> active-active (especially used for the portal) and active-passive
> (daemons) at once. Do not even try to run the dhcplisteners/pfmon/etc
> in active-active otherwise you will end up with performance degradations
> or lock issues.

That's what I gathered ..., so I didn't dare ;-)

> You should use any heartbeat style clustering, such as
> Corosync/Pacemaker or Heartbeat itself. DRBD is used to sync the MySQL
> data.

I am not certain if DRBD is the best to sync DB data. MySQL itself is capable of replication which should be used for this task IMHO.

> If you look at the Virtualization layer, one can potentially use the HA
> features in ESX. That will help if the underlying host fails, but not
> if the VM itself crashes. Even in virtual environments, you should use
> active/passive.

See my other post about ESXi: No problems here.

Here are a few other points which might need some attention:

* What happens to SNMP traps during failover from one node to the other? With our floating device setup this would be a security risk I think.
* What happens if just not all but only parts of PF fail, radius being the most vital e.g.? The PF init script still reports all ok. So heartbeat would not find any reason to react. After the reauth period of the switches all registered network connections would be cut off.
* We have added very many snort violation rules so that PF startup takes some time, resulting in longer failover times (> 90 sec.)

I am still playing with a second external radius server. But the SOAP connection to the PF http service still makes the PF server a SPOF. Any hints?

Thanks to the PF team for all the great work and effort!

Cheers Jan

--
MAX-PLANCK-INSTITUT fuer Radioastronomie
Jan Behrend - Rechenzentrum
----------------------------------------
Auf dem Huegel 69, D-53121 Bonn
Tel: +49 (228) 525 359, Fax: +49 (228) 525 229
[email protected] http://www.mpifr-bonn.mpg.de
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
