Re: Opinion on firewall virtualization with Xen

On Wednesday, 22 November 2006 10:28, Abel Martín wrote:
> I'd like to hear your opinion on xenifying several Debian boxes that
> run iptables to offer independent and isolated configuration for
> different networks. Would it be mad setting up a dom0 with a large
> number of domUs inside it to provide this?
> I'm actually working on this combined with high availability using
> heartbeat for sharing gateway IPs, and bonding or STP to provide
> network failure tolerance. The idea is to have two dom0s on different
> servers with a high availability link (via bonding or STP) and several
> paired domUs in both dom0s sharing a common resource which would be an
> IP address (via heartbeat).
I'm in the process of doing exactly this right now. One domU for each
service, e.g. DNS, mail, web, etc. Works well so far (but the HA aspect is
still missing). How would you approach this? One drbd device per domU or 2 
drbds with disk images on it?


