[Pacemaker] create 2-node Active/Passive firewall cluster

Jeff Weber jwamsc at gmail.com
Wed Sep 18 18:58:49 UTC 2013


Allen:

On Wed, Sep 18, 2013 at 1:43 PM, Allen Pomeroy <a at pomeroy.us> wrote:

> Why don't you consider something like OpenBSD's packet filter (pf),
> pfsync, and CARP?  That would provide a better (hitless) HA solution for
> firewalls.  I also use fwbuilder.org to graphically manage the firewall
> rules.


I am tied to CentOS-6.3.


> The best use for a cluster is services that can take a hit while the
> cluster migrates resources from a failed node to a healthy node.  Firewalls
> are a special case where you want the 'failover' to happen in near realtime
> including the in-memory firewall state table and the IP MAC addresses on
> each segment.
>
>>
>> I was looking at conntrackd.

thanks,
Jeff