> Example #2 Failover without load balancing:
> This solution is not available at the moment.
> It should permit redundancy between PF1 and PF2 and needs a direct link
> between the 2 boxes.
> So there are various questions about:
> - what type of link? USB? RJ-45?
> - what is the way the 2 boxes will receive the traffic?
> I mean if they have 1 IP for each interface how will the router send them
> packets?

Hi,

I was late in writing to the list. Sorry...

I'm working on this subject as my graduation project. I'm a senior CS student and my exact topic is "Implementing a failover system for OpenBSD's pf".

In this project my goals are to make pf exchange state table changes with an IP multicast group and to create an alternative to VRRP. As you know, no VRRP implementation can be shipped with OpenBSD because of Cisco's patent issues.

I'm planning to exchange the state table info via IP multicasting. This will let us implement a more scalable system. More than two firewalls can participate in this fail-over network. This can also let us implement edge load balancing (load balancing on the network layer, not in the application layer as described in dharmeier's "design & performance" paper).

A little answer to your question about IPs or using a hub is as stated above. We can easily manage this by using a VRRP-like system (but we shouldn't use VRRP).

Any comments on this subject?

I didn't write about other issues (authentication of messages, group labeling, etc.). If we can discuss this topic further, I'll be happy to share ideas.

Regards,
Berk Demir
