On Sat, Sep 09, 2006 at 03:10:14PM -0400, Daniel Ouellet wrote:
> Tom Bombadil wrote:
> >One funny story about redundancy in general: we run raidframe to mirror
> >the 2 disks in the system... And like I said both firewalls were
> >crashing together... After the crash our allegedly redundant firewalls
> >were both down for 20 minutes for parity rebuilding... simplicity is a
> >beautiful thing ;)
>
> May be that's just me, but a very simple question for you. If you have
> redundant firewall and I guess you are running CARP on them right? Why
> would you even have raidframe setup on a firewall.
>
> Isn't it the KISS gold principal would dictate otherwise here. Specially
> for a firewall. A good firewall needs the minimum setup on it.
Indeed; for high uptimes, using an altroot-like mechanism is probably
sufficient. See afterboot(8) for documentation.
Joachim
