[PLUG] HA configuration

Pranav Peshwe pranavpeshwe at gmail.com
Thu Oct 11 09:03:47 IST 2007

On 10/10/07, Ameet Tirodkar <ameet.61 at gmail.com> wrote:
> I want to configure two linux based firewall in HA
> (High-Availability). Can anybody tell me what are the requirements for
> the same.

Hi Ameet,
             Hardware or software requirements ?
Considering software - heartbeat and drbd are widely used for software HA.
They work well on popular linux distros.
For a reliable HA config, you'll need <ideally> two exactly identical
machines</ideally>, with either, two NICs each or one NIC and a serial port.
Machines with only a NIC are _not_ enough for a serious HA deployment. A
quorum device is recommended for critical deployments. Since its a firewall,
IMHO, you'll be okay with ethernet (and not need gigabit eth or IB etc)

Some questions (dont mind :) ) -
Why exactly are you going for HA ? What do you think might fail ? How
reliable are the other elements in your network ? How apart are you planning
to install the two HA boxes(peers) ? same room ? different rooms ? different
buildings ? different cities ? ..
The configuration of your machines and their interconnection will depend
upon what choice you make for the above questions.


Best regards,

Holding on to anger is like grasping a hot coal with the intent of throwing
it at someone else.

More information about the Plug-mail mailing list