[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: BSD and HA

To: "'Abraham, Elliot '" <Elliot.Abraham@BellSouth.com>,"''misc@openbsd.org' '" <misc@openbsd.org>
Subject: RE: BSD and HA
From: Josh Hoblitt <Josh.Hoblitt@bbox.net>
Date: Thu, 1 Mar 2001 10:21:56 -0800

Ipf 4 does statesharing... some server load balancers (foundry) can be
configured to sandwich multiple firewall devices.  This will give you
redundancy but without statesharing you'll lose active sessions in a
fail-over.  Also to keep in mind no single session will be able to have more
through put then one of the firewall devices can handle.  We have the
equipment to do this and have actualy tested it but are not using it in
production yet.  Note you only need one slb on either side but with two
doing statesharing you will have no single point of failure.

[SLB]-[SLB]
  |     |
[IPF] [IPF]
  |     |
[SLB]-[SLB]

-----Original Message-----
From: Abraham, Elliot
To: 'misc@openbsd.org'
Sent: 2/28/01 7:24 PM
Subject: BSD and HA

I've asked this question before with no success so here goes again, has
anyone implemented an HA solution with OBSD and IPF?  I would like to
implement a solution that mirrors the Checkpoint/Stonebeat and
Nokia/VRRP
solutions.  Any ideas, suggestions, pointers will be greatly
appreciated.

Elliott CCSE,CCSA,MCSE

Prev by Date: Re: Setting up Graphics card
Next by Date: RE: problems tracerouting from behind an openbsd NAT box
Prev by thread: RE: Annoying NAT problem
Next by thread: RE: problems tracerouting from behind an openbsd NAT box
Index(es):
- Date
- Thread