From mboxrd@z Thu Jan 1 00:00:00 1970
From: Abhijit Menon-Sen
Date: Sat, 21 Jul 2007 00:41:54 +0000
Subject: [LARTC] Re: gateway failover with linux
Message-Id: <20070721002954.GA14479@toroid.org>
List-Id:
References: <20070719172500.GA25266@toroid.org>
In-Reply-To: <20070719172500.GA25266@toroid.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

At 2007-07-20 10:12:01 -0500, gtaylor@riverviewtech.net wrote:
>
> > I just want a hot standby for a single Linux firewall [...]
>
> I would use a pair of Linux boxen with vrrpd and conntrackd

OK, great. I didn't know about vrrpd. I'll check it out.

> As far as ucarp, I'm not familiar with it so I can't comment.

If I have the time, I'll try out ucarp and post a summary of my
experiences for the archives.

> If you want to know what to do in this situation read about SONITH
> (Shoot Other Node In The Head) to make sure that there is only one
> active node at a time.

("STONITH", for those asking Google.)

I have one other question. How does conntrackd interact with traffic
shaping? My firewall also uses HTB to impose various bandwidth limits
on clients. From what I've read so far, I have the impression that the
failover may lose some packets that are being delayed in a queue, but
existing connections should recover and be essentially unaffected.

Can anyone confirm that?

--
ams