On Thu, Feb 06, 2003 at 03:09:34AM +0200, Haim Ashkenazi wrote: > Now, since the firewall is the most critical host, I want to setup some > kind of failsafe, so even if that host dies all the traffic will go > through another host. > > Since I don't even have an idea where to start, I'll appreciate any > ideas/comments/pointers to documentations, etc...
What you are looking for is called a High-Availability Cluster (HAC). I don't maintain one myself, but have recently written a paper about HAC (only in Polish, sorry), and it looks like there is some really nice software for that. Below are the links from my paper -- some dates are in Polish, but that shouldn't be a problem. [1] High-availability linux project, pazdziernik 2002. http://linux-ha.org/. [2] Harald Milz (hm AT seneca.muc.de). Linux high availability HOWTO, grudzien 1998. http://www.ibiblio.org/pub/Linux/ALPHA/linux-ha/ High-Availability-HOWTO.html. [3] Rudy Pawul (rpawul AT iso ne.com). Getting started with Linux-HA (heartbeat), 2000. http://linux-ha.org/download/GettingStarted.html. [4] Alan Robertson (alanr AT unix.sh). Linux-ha APIs. Talk given at LWCE/NYC in February, 2001. http://linux-ha.org/heartbeat/LWCE-NYC-2001/index. html. [5] Alan Robertson (alanr AT unix.sh). Implementing HA servers on Linux a brief tutorial on the Linux-HA heartbeat software. http://linux-ha.org/ heartbeat/DevDen2002.pdf. [6] Steve Blackmon (steve.blackmon AT transtech.cc). High-availability file server with heartbeat, 2001. http://www.samag.com/documents/s=1146/sam0109c/ 0109c.htm. [7] Ram Pai. Heartbeat API. http://linux-ha.org/heartbeat/heartbeat_api. html. [8] Horms (Simon Horman) (horms AT verge.net.au). Fake home page, 2002. http: //www.vergenet.net/linux/fake/. [9] Alan Robertson (alanr AT suse.com). Linux-HA heartbeat system design, 2000. http://www.linuxshowcase.org/2000/2000papers/papers/robertson/. [10] Richard Ferri (rcferri AT us.ibm.com). Conversations: Introducing the open clu-ster framework, wrzesien 2002. http://www.linuxjournal.com/article.php? sid=6143. [11] Ip load balancing (piranha), 2002. http://www.redhat.com/software/ advancedserver/technical/piranha.html. [12] Linux virtual server home page. http://www.linuxvirtualserver.org/. [13] Joseph Mack (jmack AT wm7d.net). LVS-mini-HOWTO, listopad 2002. http://www.linuxvirtualserver.org/Joseph.Mack/mini-HOWTO/ LVS-mini-HOWTO.html. [14] mon home page, 2002. http://www.kernel.org/software/mon/. [15] Keepalived home page, 2002. http://keepalived.sourceforge.net/. [16] RFC2338 virtual router redundancy protocol. http://www.ietf.org/rfc/ rfc2338.txt. [17] Alexandre Cassen (acassen AT linux vs.org). Keepalived user guide, 2002. http: //keepalived.sourceforge.net/pdf/UserGuide.pdf. [18] Horms (Simon Horman) (horms AT verge.net.au). Creating linux web farms (linux high availability and scalability), listopad 2000. http://verge.net.au/linux/ has/. [19] Horms (Simon Horman) (horms AT verge.net.au). Ultra monkey project home page, 2002. http://www.ultramonkey.org/. [20] Inc Mission Critical Linux. Mission critical linux website, 2002. http://www. missioncriticallinux.com/. [21] Mission critical linux to deliver the first clustering solution specifically developed for e-commerce, marzec 2002. http://linuxpr.com/releases/1488.html. [22] Motorola Computer Group. Advanced high availability services for linux, 2002. http://mcg.motorola.com/cfm/templates/swdetail.cfm?PageID= 682&PageTypeID=10&SoftwareID=6&ProductID=202. [23] Charles de Tranaltes. The road to six nines (6NINES) availability, luty 2002. http://mcg.motorola.com/wp/index.cfm?pagetypeid=35&source=6. [24] HP high-availability software, 2002. http://www.hp.com/products1/unix/ highavailability/. [25] Global filesystem home page. http://www.globalfilesystem.org/. [26] Alan Robertson (alanr AT us.ibm.com). Resource fencing using STONITH. http: //linux-ha.org/heartbeat/ResourceFencing_Stonith.html. [27] Non-stop authentication with linux clusters. http://www-1.ibm.com/ servers/esdd/articles/linux_clust/index.html. [28] Coda filesystem home page, 2002. http://www.coda.cs.cmu.edu/. [29] Inter Mezzo filesystem home page, 2002. http://inter-mezzo.org/. [30] Bill von Hagen (vonhagen AT vonhagen.org). Using the InterMezzo distributed filesystem getting connected in a disconnected world, 2002. http://www. linuxplanet.com/linuxplanet/reports/4368/1/. [31] OCF. Open Cluster Framework project home page, 2002. http://opencf. org/. [32] VA Cluster Manager project home page, 2002. http://vacm.sourceforge. net/. [33] Philipp Reisner (philipp.reisner AT gmx.at). DRBD home page, 2002. http: //www.complang.tuwien.ac.at/reisner/drbd/. [34] Pavel Machek. NBD project home page. http://nbd.sourceforge.net/. [35] Peter Breuer. Enhanced NBD project home page. http://www.xss.co.at/ linux/NBD/. Marcin -- Marcin Owsiany <[EMAIL PROTECTED]> http://marcin.owsiany.pl/ GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216