OpenBSD firewalls now have redundant fail-over built into them. The protocol used for linking the redundant fail-over firewalls is CARP (Common Address Redundancy Protocol).
http://www.openbsd.org/lyrics.html

The left sidebar tells the tale of woe that inspired the OpenBSD crew to write a non-standard "Standard" for doing fail-overs. It's a *very* interesting read.

One of the reasons I'm a vocal proponent of OpenBSD is their ability to sidestep "The MAN" whenever he tries to throw a road block in their way. In this case the role of "The MAN" is played by Cisco - with a lame patent on a flawed redundancy protocol (HSRP). Our heroes are the OpenBSD programmers who invented CARP, a fundamentally different protocol for handling fail-over of stateful firewalls.

Not only is it fundamentally different from the official "standard", but it actually works... and with greater reliability than the current "standard".

So next time you build a firewall - Stick it to The MAN! Use OpenBSD and CARP!

Jon Carnes
(just waking up from my work-induced stupor after some heavy lifting at a major client)

--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
