posted by Eugenia Loli on Tue 30th Mar 2004 18:46 UTC, submitted by Daniel Hartmeier
IconOpenBSD developer Ryan McBride explains the new firewall redundancy features in the upcoming OpenBSD 3.5 release in his article Firewall Failover with pfsync and CARP.

CARP (Common Address Redundancy Protocol) is a free alternative to the patent-encumbered VRRP, responsible for electing masters in a firewall cluster, while pfsync syncronizes packet filter state information among nodes.

The combination allows to replace single-point-of-failure firewalls with clusters of two (or more) nodes, which continue to filter ongoing and new connections when nodes fail. Additional features like arpbalance allow to share a single IP address for multiple servers, transparently balancing load among them, and adapting to servers failing.

Pre-order for OpenBSD 3.5 has started, CDs will ship May 1st.

e p (0)    9 Comment(s)

Technology White Papers

See More