RES: Firewall Load Balance

["Marcelo Barbosa Lima" <mblima () opencs com br>]

Thanks Rob, but I think that this doesn´t work very well. It´s important
that both Linux box have the same connection tracking table. OSPF does
load balance in packet traffic. It doen´t pay attetion in connection
before forward packets. I believe that some packets can be rejected in
the stateful firewall.

-----Mensagem original-----
De: mahhy [mailto:mahhy () undertow ca] 
Enviada em: quinta-feira, 18 de abril de 2002 09:18
Para: Marcelo Barbosa Lima
Cc: firewall-wizards () nfr com
Assunto: Re: [fw-wiz] Firewall Load Balance

On Tue, 16 Apr 2002, Marcelo Barbosa Lima wrote:
>             Is it possible to implement an architecture of firewall
load
> balance using only two Linux Boxes? LVS permits to implement load
> balance to services. I want to offer load balance and high
availibility
> using Linux. Did anybody do it? Thanks,

I currently do this at work.  Two Linux iptables firewalls, using the
High 
Availability package from www.linux-ha.org.

This allows the Primary Firewall to fail and the Secondary to take over.

I know this isnt quite what you are looking for, as you would like to
load 
balance over the two machines.

My solution to this was to use OSPF on the firewalls, and a fairly 
intelligent router behind the firewall.  It basically round robins any 
outbound connections to the two machines (since in OSPF terms there are 
two default routes).

I'm sure there are other ways to achieve this as well.

-- 
Rob Rankin
mahhy () undertow ca
http://undertow.ca

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards