Charles Holbrook
2003-Mar-06 17:06 UTC
[Shorewall-users] leafbering-uclibc/shorewall/keepalived/IPSEC project
Just a little notice to let everyone know that I have finished the last big configuration part of this firewall plan. As I get ready to go into testing and writing the HOWTO, are there any situations in particular you would be interested in me testing out while I have it in R&D? Also are there any specific points or obscure points you might want me to cover in the HOWTO?

Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum immane mittam.
Tom Eastep
2003-Mar-06 17:35 UTC
[Shorewall-users] leafbering-uclibc/shorewall/keepalived/IPSEC project
--On Thursday, March 06, 2003 07:04:00 PM -0600 Charles Holbrook <lamdamu@jump.net> wrote:

> Just a little notice to let everyone know that I have finished the last
> big configuration part of this firewall plan. As I get ready to go into
> testing and writing the HOWTO, are there any situations in particular you
> would be interested in me testing out while I have it in R&D? Also are
> there any specific points or obscure points you might want me to cover in
> the HOWTO?
>

Charles,

By this time, you know a lot more about this subject than I do -- I'll trust your judgment about the HOWTO. Having said that though, I have worked with fault-tolerant computers for 22+ years so I can advise you about several things to try:

a) Split Brain -- break the communications links between the two routers and determine if sane behavior results. If not, document the limitations.

b) After a fail-over, reboot the failed system and when it is almost up, kill the other router. Does the router being rebooted come up and assume control properly or does it still think that it is the backup router?

c) While the routers are under load, spend several hours killing either the primary or the backup router at random intervals then rebooting them. There should be no anomalies but if there are and if they are unavoidable then they must be documented.

d) Simulate power failures - while they are under load, power off both routers then power them back on. What happens? Is that acceptable given that the routers might be unattended? If not, document the limitation.

e) Same as d) only power off the routers at different times varying which router (primary or backup) fails first.

With our NonStop (tm) systems, we do this type of testing and much more -- unfortunately, when the results are unacceptable, we can't simply "document the limitation"; we have to fix it :-)

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://www.shorewall.net
Washington USA \ teastep@shorewall.net
John S. Andersen
2003-Mar-06 17:37 UTC
[Shorewall-users] leafbering-uclibc/shorewall/keepalived/IPSEC project
On 6 Mar 2003 at 19:04, Charles Holbrook wrote:

> Just a little notice to let everyone know that I have finished the
> last big configuration part of this firewall plan. As I get ready to
> go into testing and writing the HOWTO, are there any situations in
> particular you would be interested in me testing out while I have it
> in R&D? Also are there any specific points or obscure points you
> might want me to cover in the HOWTO?
>
>
> Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum
> immane mittam.
>

Yes... Integration with a DHCP address on both ends... Perhaps using something like DynDns.org or some such.

Iligitimi Non Carborundem
______________________________________
John Andersen
NORCOM / Juneau, Alaska
http://www.screenio.com/
(907) 790-3386
_______________________________________
John S. Andersen NORCOM mailto:JAndersen@norcomsoftware.com
Juneau, Alaska http://www.screenio.com/