[Pacemaker] create 2-node Active/Passive firewall cluster
Jeff Weber
jwamsc at gmail.com
Wed Sep 18 18:58:49 UTC 2013
Allen:
On Wed, Sep 18, 2013 at 1:43 PM, Allen Pomeroy <a at pomeroy.us> wrote:
> Why don't you consider something like OpenBSD's packet filter (pf),
> pfsync, and CARP? That would provide a better (hitless) HA solution for
> firewalls. I also use fwbuilder.org to graphically manage the firewall
> rules.
I am tied to CentOS-6.3
> The best use for a cluster is services that can take a hit while the
> cluster migrates resources from a failed node to a healthy node. Firewalls
> are a special case where you want the 'failover' to happen in near realtime
> including the in memory firewall state table and the IP MAC addresses on
> each segment.
>
>>
>> I was looking at conntrackd .
thanks,
Jeff
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clusterlabs.org/pipermail/pacemaker/attachments/20130918/4fd2cf3d/attachment.htm>
More information about the Pacemaker
mailing list