Firewall Wizards mailing list archives
RE: Slightly off-topic: Any good/bad experiences withHigh-Availability Linux clusters ?
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Thu, 27 Apr 2000 18:37:56 -0400 (EDT)
server/workstation expert, april 2000 vol 11 # 4, while citing the IBM port of linux to the s/390 enterprise servers states in part: ... The Linux community also falls short in terms of high-availibility solutions such as clustering, says Calybrook. "One of the limitations of Linux on the enterprise is its high-availibility requirements. There are [vendors] working on clustering solutions, but none of them are at the level you think in terms of true clustering capability. They can do failovers and some form of load balancing, but for the most part, they're not at the same level that UNIX clustering is," he says. Some of the functionality missing from current Linux clustering solutions includes single system image, cluster file systems and journeled file systems. Other clustering solutions such as the beowoulf project clusters <URL cited> are aimed more at clustering for preformance and workload sharing than for high-availability and fault tolerance. ... Thanks, Ron DuFresne On Sat, 22 Apr 2000, Andrew J. Luca wrote:
Tobias, I don't know where the original to this message went so I'm replying to this one... I have used the Veritas product suite (used to be FirstWatch, now is the VCS Suite) and the old Qualix HA+ on Sun platforms for about the last four years with a great deal of success. I do not have any experience with a Linux version of this type of software (Veritas doesn't make one) but I would suggest, as some of the other posters have, that you look to another platform. While there has been a strong growth of Linux within the enterprise over the last couple of years, I still don't think that it is really ready for prime time if you are looking for an HA solution other than for a simple firewall. One of the questions that you have to ask yourself is what you are trying to accomplish. If all you are aiming for is a high availability firewall cluster, then you could really just build that with a couple of scripts on your own. There are a bunch of good people out there that could help you to do that in a couple of weeks time. If you really are looking for all of the features that you get from a HA package -- application level fail-over, file system fail-over, network fail-over -- then you probably want to be aiming for one of the commercial packages. If you want more than that -- i.e. stateful fail-over -- then you are aiming way, way above the level that Linux (or even Solaris) can deliver today. Basically, you are into the realm of the Stratus and Tandems. I haven't heard of anyone running a firewall on these platforms, yet! ;-) Now, of course this also only gets you part way to high-availability if you are building a firewall. You are also going to need to build in some network layer HA with multiple links AND dynamic routing protocols. This is really the only way to build a true Internet HA solution. If you are going to take the time to build it, don't chintz on the important stuff! We ran a number of firewall clusters using the FirstWatch package and some home grown scripts but in retrospect, it was a huge waste of money (please don't tell my former employer). Basically, we were only using the heartbeat functions and its ability to start and stop applications for us once it detected a failure. Of course, it also prevented the dual-brain idea but even our use of that was very limited. I firmly believe that we could have rewritten this in a couple of weeks to do exactly what we wanted for much less than the $7.5k/node licensing fee. If you want more information, let me know. I think that I have a generic design document around somewhere and some information about the design of a basic app. package. Drew -----Original Message----- From: owner-firewall-wizards () lists nfr net [mailto:owner-firewall-wizards () lists nfr net]On Behalf Of Michael Erskine Sent: Wednesday, April 12, 2000 2:15 AM To: Tobias Gierke Cc: firewall-wizards () nfr net Subject: Re: [fw-wiz] Slightly off-topic: Any good/bad experiences withHigh-Availability Linux clusters ? Undoubtedly you have chased down the links at www.beosulf.org. There are some straight forward documents there that detail various setups. I recommend something really simple... sort of a mixed bag. Boot nodes from the local HDD. NFS out /home. Run Yellow Pages. Firewall the *hit out of the head. ... Take a hard look at SuSE they have it down to an art. If your cluster is really a 'server farm' you can use IPCHAINS to distribute the load across multiple nodes using the prioritization rules described in the IPCHAINS howto. It is a bit of work but in a week you should have it running. ;-) Tell the boss two weeks as my estimates are ALWAYS LOW. On Thu, 6 Apr 2000, Tobias Gierke wrote:Hi, Although the topic isn´t really related to firewalling, I still hope that someone out there can help me. I need to build a 2-3 node HA cluster for one of our customers. My boss would like to see these machines running on linux (cause it´s the cheapest solution...). I´ve browsed the web for approx. 9 hours but none of the solutions I found looked really stable/mature. My favorites up to now are Eddie and "heartbeat" (Linux-HA project). Any ideas ? I´d really appreciate _ANY_ useful hints !! Thanks in advance, Tobias Gierke ---PGP---PGP---PGP---PGP---PGP----- Ich _bevorzuge_ PGP-verschlüsselte Mails ! Schickt mir eine Mail mit dem Subject "KEY REQUEST" und ihr erhaltet automatisch meinen Key. I _strongly_ prefer PGP-encrypted E-mail ! Send a message containing the subject "KEY REQUEST" and you will get my key automagically. Download PGP: http://www.zone.pspt.fi/pgp/download/#5.0i
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior consultant: darkstar.sysinfo.com http://darkstar.sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too!
Current thread:
- Slightly off-topic: Any good/bad experiences with High-Availability Linux clusters ? Tobias Gierke (Apr 10)
- Re: Slightly off-topic: Any good/bad experiences with High-Availability Linux clusters ? Michael Erskine (Apr 18)
- Re: Slightly off-topic: Any good/bad experiences withHigh-Availability Linux clusters ? Tobias Gierke (Apr 18)
- Re: Slightly off-topic: Any good/bad experiences withHigh-Availability Linux clusters ? Mark E. Drummond (Apr 20)
- Re: Slightly off-topic: Any good/bad experiences withHigh-Availability Linux clusters ? Randy Grimshaw (Apr 24)
- RE: Slightly off-topic: Any good/bad experiences withHigh-Availability Linux clusters ? Andrew J. Luca (Apr 27)
- RE: Slightly off-topic: Any good/bad experiences withHigh-Availability Linux clusters ? R. DuFresne (Apr 28)
- Re: Slightly off-topic: Any good/bad experiences with High-Availability Linux clusters ? Michael Erskine (Apr 18)