From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Paul Robert Marino <prmarino1@gmail.com>
Cc: shawn wilson <ag4ve.us@gmail.com>,
Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>,
Ricardo Klein <klein.rfk@gmail.com>,
netfilter <netfilter@vger.kernel.org>
Subject: Re: Linux Firewall Active/Active
Date: Thu, 6 Nov 2014 00:55:38 +0100
Message-ID: <20141105235538.GA3599@salvia>
In-Reply-To: <CAPJdpdBj2va5U_PZs_WSWe0XWX4jreSdMBEpOFO-_Fpi=EEKdA@mail.gmail.com>

On Wed, Nov 05, 2014 at 05:43:39PM -0500, Paul Robert Marino wrote:
> I've actually been doing this successfully with conntrackd, keepalived,
> and quagga
>
> Essentially I'm using quagga for OSPF and BGP externally with equal cost paths.
>
> For conntrackd with FTFW and "DisableExternalCache On"
>
> Do NOT use the howto's on the web or the examples that come with
> conntrackd or keepalived for configuring keepalived; they are outdated
> and can cause major problems.

It would be great if you can contribute a patch to extend the
conntrack-tools manual to document this. The documentation is
available in docbook format in the git tree. People ask for this
configuration on the mailing list from time to time.

Thanks.

P.S: I think that update should also indicate that possible race
conditions may happen between the synchronization and packets in
active/active asymmetric path, so people are aware of it too.