[TriLUG] CARP license.

Jon Carnes jonc at nc.rr.com
Tue Mar 30 23:16:07 EST 2004


OpenBSD firewalls now have redundant fail-over built into them. The
protocol used for linking the redundant fail-over firewalls is CARP
(Common Address Redundancy Protocol).

http://www.openbsd.org/lyrics.html

The left sidebar tells the tale of woe that inspired the OpenBSD crew to
write a non-standard "Standard" for doing fail-overs. It's a *very*
interesting read.

One of the reasons I'm a vocal proponent of OpenBSD is their ability to
sidestep "The MAN" whenever he tries to throw a roadblock in their
way. In this case the role of "The MAN" is played by Cisco - with a
lame patent on a flawed redundancy protocol (HSRP). Our heroes are the
OpenBSD programmers who invented CARP, a fundamentally different
protocol for handling fail-over of stateful firewalls. Not only is it
fundamentally different from the official "standard", but it actually
works... and with greater reliability than the current "standard". 

So next time you build a firewall - Stick it to The MAN! Use OpenBSD and
CARP!

Jon Carnes
(just waking up from my work-induced stupor after some heavy lifting at
a major client)



