From: Michael Schwartzkopff <ms@sys4.de>
To: netfilter <netfilter@vger.kernel.org>
Cc: Ricardo Klein <klein.rfk@gmail.com>
Subject: Re: Linux Firewall Active/Active
Date: Wed, 05 Nov 2014 20:40:42 +0100
Message-ID: <4128127.KGiVEnbFtn@nb003>
In-Reply-To: <CADuigkVbB2nt5P6y-JCaW_bh6v_GhjL9BRBiHRyvA_yH81v4RA@mail.gmail.com>
On Wednesday, 5 November 2014, 17:15:23, you wrote:
> Hi there,
>
> I need to build a scenario with 2 linux servers (probably CentOS7)
> acting as active/active firewall servers. What tools should I use?
> I saw some articles with:
> - conntrackd + keepalived
> - conntrackd + corosync + pacemaker
Why? There is no reasonable cause to build an active/active firewall from two
nodes.
Any single hardware is fast enough to filter the speed of a WAN connection you
can afford. No need for load balancing.
If one server breaks, the other has to bear the whole load. So you have to
design your hardware for the whole load.
So please build an active/passive system.
keepalived makes things very simple. If you have just the firewall, go for
it. If you want a little bit more, i.e. conntrackd and a squid with
dependencies amongst all resources, go for pacemaker.
> But, what is the most used/stable?
>
>
> AND, if there is a chance, I have 4 lan networks (each one in a
> different VLAN) and it should be good if I can set something like
> "preferred master" to each one for load distribution, because I will
> run SQUID in those servers too.
>
> I just need to know which way to go, so, I can learn the tools and
> configure it all here.
Kind regards,
Michael Schwartzkopff
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64, +49 (162) 165 0044
Franziskanerstraße 15, 81669 München
Registered office: München, District Court (Amtsgericht) München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein