From: Ben Sartor <BenSar@web.de>
To: Netfilter Development Mailinglist <netfilter-devel@vger.kernel.org>
Subject: RFC Announce active-active solution: availability-manager
Date: Thu, 11 Oct 2007 16:35:12 +0200
Message-ID: <200710111635.12529.BenSar@web.de>

Hi!

During my diploma thesis, which was sponsored by credativ (www.credativ.de), I
implemented an active-active firewall solution. It implements a load-balancing
cluster that is able to detect new nodes (on-the-fly integration) and failed
ones. Furthermore, it synchronizes the connection tracking table of the
nodes, so that at a failover no connection gets lost.

In order to achieve this, the kernel module "clusterdev" was implemented. It is
based on Harald Welte's "clusterip" and so it uses a multicast MAC address to
share an IP address on multiple nodes. Which node is responsible for a
connection is determined by a responsible range (0 ... 255) assigned to each
node.

The second part of my solution is the userspace
application "availability-manager". It sets the responsible range and
implements a simple heartbeat protocol. Furthermore, it uses
libnetfilter-conntrack to make sure the connection tracking table of each
node is known by the others. Thus at a failover the connection tracking
entries can be reallocated among the remaining nodes.

The software is released under the GPL and can be downloaded at:
http://sourceforge.net/projects/avail-manager/

A translation of my diploma talk can be found at:
http://avail-manager.sourceforge.net/talk.pdf

I tested the software with kernel 2.6.22 and libnetfilter_conntrack-0.0.81.
For the future it is planned to include IPv6 support. Furthermore, I think it
may be possible to make it work with "clusterip".

Although I consider the software to be in a pre-alpha state, it runs quite
stable in a productive environment at the credativ GmbH. Any comments are
highly appreciated.

Regards
Ben Sartor
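
The responsible-range scheme described in the message above, as an added example that is not part of the original post or of the availability-manager code: it models range ownership over buckets 0 ... 255, checks a range table for gaps and overlaps, and lists which flows change owner when a node fails. Assumptions: SHA-256 stands in for the unspecified kernel hash, ranges are split into equal contiguous slices, and the node names and all function names are hypothetical.

```python
import hashlib

BUCKETS = 256  # the announcement gives the responsible range as 0 ... 255

def bucket(conn):
    """Map a connection tuple to a bucket. SHA-256 is a stand-in (assumption);
    the message does not say which hash clusterdev uses."""
    return hashlib.sha256(repr(conn).encode()).digest()[0]

def split_ranges(nodes):
    """Assumed policy: contiguous, equal-sized slices in node-name order."""
    names = sorted(nodes)
    n = len(names)
    return {name: (i * BUCKETS // n, (i + 1) * BUCKETS // n - 1)
            for i, name in enumerate(names)}

def coverage_errors(ranges):
    """Return (unowned, multiply_owned) bucket lists. Every node sees every
    packet on the shared multicast MAC, so a gap means silently dropped
    traffic and an overlap means two nodes both process the same flow."""
    count = [0] * BUCKETS
    for lo, hi in ranges.values():
        for b in range(lo, hi + 1):
            count[b] += 1
    return ([b for b, c in enumerate(count) if c == 0],
            [b for b, c in enumerate(count) if c > 1])

def owner(ranges, conn):
    """Name of the node whose range contains the connection's bucket."""
    b = bucket(conn)
    return next(n for n, (lo, hi) in ranges.items() if lo <= b <= hi)

def failover(ranges, failed, conns):
    """Re-split among survivors; list flows whose owner changes and which
    therefore depend on the synchronized connection tracking entries."""
    new = split_ranges([n for n in ranges if n != failed])
    moved = [c for c in conns if owner(ranges, c) != owner(new, c)]
    return new, moved

# Constructed sample flows (documentation address ranges), not captured traffic.
CONNS = [("192.0.2.%d" % i, 40000 + i, "198.51.100.1", 443) for i in range(1, 41)]

if __name__ == "__main__":
    before = split_ranges(["fw1", "fw2", "fw3"])
    after, moved = failover(before, "fw2", CONNS)
    print(before, coverage_errors(before))
    print(after, coverage_errors(after))
    print(len(moved), "of", len(CONNS), "flows change owner")
```

Running `coverage_errors` on every node's view of the range table after each membership change is a cheap way to catch a split-brain assignment before it shows up as dropped or doubly handled traffic.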