[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Using Remus to build a 2-node HA firewall - is it a good idea?

To: xen-users@xxxxxxxxxxxxx
From: Kuba <kuba.0000@xxxxx>
Date: Mon, 29 Feb 2016 18:13:35 +0100
Delivery-date: Mon, 29 Feb 2016 17:15:00 +0000
List-id: Xen user discussion <xen-users.lists.xen.org>

W dniu 2016-02-29 o 14:06, Austin S. Hemmelgarn pisze:

On 2016-02-26 19:27, Kuba wrote:

Dear List,

I'm looking for possible solutions to create a 2-node highly available
firewall (pfSense-based) and using Remus to achieve this seems like an
interesting idea, at least at the first glance.

But is this a good idea? Or maybe I'm just out of my mind? ;)

I'm aware that pfSense offers all the functionality required to create
an HA cluster, but I'm really curious about alternative solutions.

I would be very grateful for your opinion.

I hate to say this, but you're over-engineering things.  Remus is not
really all that mature of a technology, is overkill for a firewall, may
not work with FreeBSD (in fact, I'd be willing to bet that it doesn't
work at all with FreeBSD as of right now), and requires a lot of work to
set up and maintain.  pfSense however has all the functionality you need
built in, is extremely easy to set up for this, and works amazingly well
(we use it where I work for our gateway systems, I regularly do live
upgrades, and _nobody_ notices as long as both systems aren't down at
the same time), and you can run pfSense without virtualization and get
significantly better performance.

Yes, I'm perfectly aware that this might be an overkill and that pfSensehas all the functionality built-it. In fact, the only real problem Ihave with that solution is lack of enough IPs on the WAN side, butthat's a minor issue.

The truth is I'm a little bit fascinated by the idea of a completelytransparent HA provided by the hypervisor. Having a single solution thatcan solve this problem regardless of the type of the VM (be it afirewall, a server or any other VM) really resonates with.

But I guess it's not yet the time for this, though I'm sure theingenious folks that develop Xen will make it possible one day :)


Nonetheless, thank you all for your input, I really appreciate it.

Best regards,
Kuba

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users

References:
- [Xen-users] Using Remus to build a 2-node HA firewall - is it a good idea?
  - From: Kuba
- Re: [Xen-users] Using Remus to build a 2-node HA firewall - is it a good idea?
  - From: Austin S. Hemmelgarn

Prev by Date: Re: [Xen-users] Xen 4.4.1 on Debian Jessie: freeze using "xl create" on second VM
Next by Date: Re: [Xen-users] Xen 4.4.1 on Debian Jessie: freeze using "xl create" on second VM
Previous by thread: Re: [Xen-users] Using Remus to build a 2-node HA firewall - is it a good idea?
Next by thread: [Xen-users] ICH9 and sound problems
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.