Firewall Failover with pfsync and CARP
From: Daniel Hartmeier (daniel_at_benzedrine.cx)
Date: 03/30/04
- Next message: Janne Johansson: "Re: GNU sed and other non standard packages."
- Previous message: Andrew Falanga: "Re: httpd won't start and no error entries in error_log"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: 30 Mar 2004 09:27:56 GMT
OpenBSD developer Ryan McBride <mcbride@openbsd.org> explains the new
firewall redundancy features in the upcoming OpenBSD 3.5 release[1]
in his article
Firewall Failover with pfsync and CARP
http://www.countersiege.com/doc/pfsync-carp/
CARP (Common Address Redundancy Protocol) is a free alternative to the
patent-encumbered VRRP, responsible for electing masters in a firewall
cluster, while pfsync syncronizes packet filter state information among
nodes.
The combination allows to replace single-point-of-failure firewalls with
clusters of two (or more) nodes, which continue to filter ongoing and new
connections when nodes fail. Additional features like arpbalance allow to
share a single IP address for multiple servers, transparently balancing
load among them, and adapting to servers failing.
Pre-order[2] for OpenBSD 3.5 has started, CDs will ship May 1st.
Daniel
[1] http://www.openbsd.org/35.html
[2] http://www.openbsd.org/orders.html
- Next message: Janne Johansson: "Re: GNU sed and other non standard packages."
- Previous message: Andrew Falanga: "Re: httpd won't start and no error entries in error_log"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
