[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Using Remus to build a 2-node HA firewall - is it a good idea?

  • To: xen-users@xxxxxxxxxxxxx
  • From: "Austin S. Hemmelgarn" <ahferroin7@xxxxxxxxx>
  • Date: Mon, 29 Feb 2016 08:06:23 -0500
  • Delivery-date: Mon, 29 Feb 2016 13:08:13 +0000
  • List-id: Xen user discussion <xen-users.lists.xen.org>

On 2016-02-26 19:27, Kuba wrote:
Dear List,

I'm looking for possible solutions to create a 2-node highly available
firewall (pfSense-based) and using Remus to achieve this seems like an
interesting idea, at least at the first glance.

But is this a good idea? Or maybe I'm just out of my mind? ;)

I'm aware that pfSense offers all the functionality required to create
an HA cluster, but I'm really curious about alternative solutions.

I would be very grateful for your opinion.
I hate to say this, but you're over-engineering things. Remus is not really all that mature of a technology, is overkill for a firewall, may not work with FreeBSD (in fact, I'd be willing to bet that it doesn't work at all with FreeBSD as of right now), and requires a lot of work to set up and maintain. pfSense however has all the functionality you need built in, is extremely easy to set up for this, and works amazingly well (we use it where I work for our gateway systems, I regularly do live upgrades, and _nobody_ notices as long as both systems aren't down at the same time), and you can run pfSense without virtualization and get significantly better performance.

Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.