Firewall Wizards mailing list archives
RE: Slightly off-topic: Any good/bad experiences withHigh-Availability Linux clusters ?
From: "Andrew J. Luca" <andrewluca () mediaone net>
Date: Sat, 22 Apr 2000 13:56:41 -0400
Tobias, I don't know where the original to this message went so I'm replying to this one... I have used the Veritas product suite (used to be FirstWatch, now is the VCS Suite) and the old Qualix HA+ on Sun platforms for about the last four years with a great deal of success. I do not have any experience with a Linux version of this type of software (Veritas doesn't make one) but I would suggest, as some of the other posters have, that you look to another platform. While there has been a strong growth of Linux within the enterprise over the last couple of years, I still don't think that it is really ready for prime time if you are looking for an HA solution other than for a simple firewall. One of the questions that you have to ask yourself is what you are trying to accomplish. If all you are aiming for is a high availability firewall cluster, then you could really just build that with a couple of scripts on your own. There are a bunch of good people out there that could help you to do that in a couple of weeks time. If you really are looking for all of the features that you get from a HA package -- application level fail-over, file system fail-over, network fail-over -- then you probably want to be aiming for one of the commercial packages. If you want more than that -- i.e. stateful fail-over -- then you are aiming way, way above the level that Linux (or even Solaris) can deliver today. Basically, you are into the realm of the Stratus and Tandems. I haven't heard of anyone running a firewall on these platforms, yet! ;-) Now, of course this also only gets you part way to high-availability if you are building a firewall. You are also going to need to build in some network layer HA with multiple links AND dynamic routing protocols. This is really the only way to build a true Internet HA solution. If you are going to take the time to build it, don't chintz on the important stuff! We ran a number of firewall clusters using the FirstWatch package and some home grown scripts but in retrospect, it was a huge waste of money (please don't tell my former employer). Basically, we were only using the heartbeat functions and its ability to start and stop applications for us once it detected a failure. Of course, it also prevented the dual-brain idea but even our use of that was very limited. I firmly believe that we could have rewritten this in a couple of weeks to do exactly what we wanted for much less than the $7.5k/node licensing fee. If you want more information, let me know. I think that I have a generic design document around somewhere and some information about the design of a basic app. package. Drew -----Original Message----- From: owner-firewall-wizards () lists nfr net [mailto:owner-firewall-wizards () lists nfr net]On Behalf Of Michael Erskine Sent: Wednesday, April 12, 2000 2:15 AM To: Tobias Gierke Cc: firewall-wizards () nfr net Subject: Re: [fw-wiz] Slightly off-topic: Any good/bad experiences withHigh-Availability Linux clusters ? Undoubtedly you have chased down the links at www.beosulf.org. There are some straight forward documents there that detail various setups. I recommend something really simple... sort of a mixed bag. Boot nodes from the local HDD. NFS out /home. Run Yellow Pages. Firewall the *hit out of the head. ... Take a hard look at SuSE they have it down to an art. If your cluster is really a 'server farm' you can use IPCHAINS to distribute the load across multiple nodes using the prioritization rules described in the IPCHAINS howto. It is a bit of work but in a week you should have it running. ;-) Tell the boss two weeks as my estimates are ALWAYS LOW. On Thu, 6 Apr 2000, Tobias Gierke wrote:
Hi, Although the topic isn´t really related to firewalling, I still hope that someone out there can help me. I need to build a 2-3 node HA cluster for one of our customers. My boss would like to see these machines running on linux (cause it´s the cheapest solution...). I´ve browsed the web for approx. 9 hours but none of the solutions I found looked really stable/mature. My favorites up to now are Eddie and "heartbeat" (Linux-HA project). Any ideas ? I´d really appreciate _ANY_ useful hints !! Thanks in advance, Tobias Gierke ---PGP---PGP---PGP---PGP---PGP----- Ich _bevorzuge_ PGP-verschlüsselte Mails ! Schickt mir eine Mail mit dem Subject "KEY REQUEST" und ihr erhaltet automatisch meinen Key. I _strongly_ prefer PGP-encrypted E-mail ! Send a message containing the subject "KEY REQUEST" and you will get my key automagically. Download PGP: http://www.zone.pspt.fi/pgp/download/#5.0i
Current thread:
- Slightly off-topic: Any good/bad experiences with High-Availability Linux clusters ? Tobias Gierke (Apr 10)
- Re: Slightly off-topic: Any good/bad experiences with High-Availability Linux clusters ? Michael Erskine (Apr 18)
- Re: Slightly off-topic: Any good/bad experiences withHigh-Availability Linux clusters ? Tobias Gierke (Apr 18)
- Re: Slightly off-topic: Any good/bad experiences withHigh-Availability Linux clusters ? Mark E. Drummond (Apr 20)
- Re: Slightly off-topic: Any good/bad experiences withHigh-Availability Linux clusters ? Randy Grimshaw (Apr 24)
- RE: Slightly off-topic: Any good/bad experiences withHigh-Availability Linux clusters ? Andrew J. Luca (Apr 27)
- Re: Slightly off-topic: Any good/bad experiences with High-Availability Linux clusters ? Michael Erskine (Apr 18)