John McMonagle wrote:
>It's about time to upgrade my shorewall routers again so thinking of possible
>changes.
>In our main office have managed switches and 5 xen servers.
>
>I'm thinking of running the firewall/router under xen.
>Don't have all the details figured out but this is roughly what I'm thinking
>of:
>
>Set up separate vlan for the two isps and plug isps into the switch.
>Run into xen servers on tagged vlans and set up separate bridges for each.
>Each shorewall domu would see 3 interfaces.
>
>Then have 2 shorewall domus with failover on separate xen servers.
>I'm uncertain of the details for failover.
>
>I'm pretty confident it can be done but is it a good idea?

Well it's certainly one way of doing it.

I run Shorewall on pretty well all of my machines (most of which are PV guests under Xen) - no problems there. I also run two redundant routers in our server room - or they would be redundant if one of them hadn't died. These are just a couple of old surplus 1U rack mount servers that I inherited as stuff was upgraded.

I've not run VLANs into a Xen host myself (used them into bare-metal hosts), but over on the Xen users lists there have been several threads where people have done it successfully - so I'd have no qualms there either.

My preference would be to keep at least one of them as a bare metal device. Your routers are probably the most critical part of the network, and being bare metal means they have few dependencies (such as waiting for the host to boot and then autostart the guests). We've had a couple of "cold starts" for various reasons, and it's a real pain if connectivity and DNS aren't up as everything else starts.

At the moment I'm looking for something small and cost effective to replace the dead box. We don't have any suitable hardware already spare or due to be soon - and a 1U system tends to be somewhat overkill price-wise. I'm currently thinking about whether one of these Alix boards would work for us (I'm also needing a number of similar boxes for other routing/firewall duties):
http://linitx.com/category/180/113,176,180

--
Simon Hobson
