Router and Firewall Redundancy with OpenBSD and CARP


Autoria(s): Attebury, Garhan; Ramamurthy, Byrav
Data(s)

01/01/2006

Resumo

As more reliance is placed on computing and networking systems, the need for redundancy increases. The Common Address Redundancy Protocol (CARP) protocol and OpenBSD’s pfsync utility provide a means by which to implement redundant routers and firewalls. This paper details how CARP and pfsync work together to provide this redundancy and explores the performance one can expect from the open source solutions. Two experiments were run: one showing the relationship between firewall state creation and state synchronization traffic and the other showing how TCP sessions are transparently maintained in the event of a router failure. Discussion of these simulations along with background information gives an overview of how OpenBSD, CARP, and pfsync can provide redundant routers and firewalls for today’s Internet.

Formato

application/pdf

Identificador

http://digitalcommons.unl.edu/cseconfwork/68

http://digitalcommons.unl.edu/cgi/viewcontent.cgi?article=1061&context=cseconfwork

Publicador

DigitalCommons@University of Nebraska - Lincoln

Fonte

CSE Conference and Workshop Papers

Palavras-Chave #Computer Sciences
Tipo

text