[Fedora] Re: Failover setup

tom tfreeman at intel.digichem.net
Tue Apr 17 21:40:09 UTC 2007


On Tue, 17 Apr 2007, Ashley M. Kirchner wrote:

> Rick Stevens wrote:
>> You still have a single point of failure
>> (the Linux box), but you have redundant broadband links.
>>
>   Guys, the problem isn't the lines going down.  We have a Cisco router 
> handling two T1s coming in and it does just fine whenever some idiot 
> contractor decides to slice a cable somewhere in town.  That's not where my 
> problem is.  My problem is the firewall that sits between the Cisco and our 
> internal network.  That's what I'm trying to figure out some kind of failover 
> setup.
>

I'm a few light years away from being a network guru, so grab a large 
block of salt here. However...

From what I understand of your setup, you are worried about the firewall 
machine getting wonky, and not the router. The router talks to two 
different broadband connections, and the firewall sits between the router 
and inside.

How about something like such: connect an inside machine via both the 
network and something else which can force a reboot, either a serial 
link to the firewall box with root privileges, or a software controlled 
power switch. Now periodically, say once every two minutes, run 
a traceroute to one or more of the outside destinations which your people 
need to get to (preferably destinations that you actually control, let's 
not be rude to slashdot or redhat for obvious reasons.) When the 
traceroute fails, look at the failure point. If things fail at the 
firewall, force the reboot. If a full traceroute is too heavy, try a 
single packet ping, followed by a traceroute when the ping gets hosed 
twice in a row. Slightly more complicated scripting, probably 
significantly less network load.

Possibly a slightly stronger alternative would be to combine the router 
and firewall, but apparently somebody doesn't want to do so. (And I'd be 
that somebody, as I'm not sure I could get the firewall and routes going 
correctly at the same time.)

Hope this helps, and thanks to all for the bandwidth.
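An added example, not from this thread, sketching the ping-then-traceroute watchdog tom describes as a POSIX sh script for the inside machine. Every name in it is an assumption: FIREWALL_IP is the firewall's inside address, TARGET a destination you control, REBOOT_CMD whatever drives the serial console or remote power switch, and the addresses are placeholders.

```shell
#!/bin/sh
# Hypothetical watchdog for the firewall-failover setup discussed above.
# All names and addresses below are assumed placeholders, not from the thread.
FIREWALL_IP="${FIREWALL_IP:-192.0.2.1}"        # firewall's inside address
TARGET="${TARGET:-198.51.100.10}"              # a host you control
REBOOT_CMD="${REBOOT_CMD:-echo would-reboot-firewall}"  # serial/power switch driver
PING_CMD="${PING_CMD:-ping -c 1 -W 2}"         # Linux iputils ping, one packet
TRACE_CMD="${TRACE_CMD:-traceroute -n -m 10}"
STATE="${STATE:-/var/tmp/fw-watchdog.fails}"   # consecutive ping failures

# Classify a numeric traceroute transcript read from stdin. A hop line looks
# like " 3  192.0.2.1  0.4 ms"; " 4  * * *" means that hop did not answer.
# Prints "firewall" if the firewall answered but nothing beyond it did,
# "upstream" if some hop past the firewall answered (the router's problem,
# not ours), and "none" if not even the firewall answered (the watchdog
# host's own link may be at fault, so we do not reboot on that alone).
classify_trace() {
    awk -v fw="$1" '
        $2 == fw            { saw_fw = 1; verdict = "firewall"; next }
        saw_fw && $2 != "*" { verdict = "upstream" }
        END { print (saw_fw ? verdict : "none") }'
}

# One round, meant for cron every two minutes. Prints ok, wait or reboot.
watchdog_round() {
    fails=$(cat "$STATE" 2>/dev/null || echo 0); fails=${fails:-0}
    if $PING_CMD "$TARGET" >/dev/null 2>&1; then
        echo 0 > "$STATE"; echo ok; return 0
    fi
    fails=$((fails + 1)); echo "$fails" > "$STATE"
    # Pay for a traceroute only once the cheap ping has failed twice in a row.
    if [ "$fails" -lt 2 ]; then echo wait; return 0; fi
    verdict=$($TRACE_CMD "$TARGET" 2>/dev/null | classify_trace "$FIREWALL_IP")
    if [ "$verdict" = firewall ]; then
        $REBOOT_CMD >&2; echo 0 > "$STATE"; echo reboot
    else
        echo wait
    fi
}
```

Run it from cron on the inside machine; the reboot path only fires when the firewall is the last hop that still answers.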
