[nycbug-talk] CARP in OBSD 3.5

Chris McCulloh chrislist
Thu Mar 25 13:08:27 EST 2004




Never let it be said the OpenBSD team isn't on top of things.  As you will
recall from Wes and Jason's excellent talk on OBSD/Security, one of their
greatest concerns with OBSD when it comes to installation in a firewall
capacity was the great difficulty in making the setup redundant, and the
inability for full, active redundancy.

About to hit release, and it couldn't be more topical, is OpenBSD 3.5. 
One of its major new features is CARP, the Common Address Redundancy
Protocl.  I won't get into too much detail, but suffice it to say that
their tests involved four systems acting as a redundant firewall with
randomized reboot cycles.  All that was required for full user
functionality was that any one of those four be functional and online. 
Failover is completely seamless to end users.  I'm hoping to setup two
test boxen here to play with the snapshot, and if I do I'll let people
know my results.

Anybody else yet played with OBSD 3.5 at all?


Chris McCulloh
Secure Systems Architect
Sinetimore, LLC

  e: cmcculloh at sinetimore.com
  t: 212.504.0288
  f: 212.656.1469
  w: http://www.sinetimore.com
  a: 40 Broad Street, 4th Floor, New York, NY 10004, USA
key: http://www.sinetimore.com/chriskey.pub
   : [ 9508 07E0 9E6C DD05 4419 40FA 4D96 FD82 24CE 0273 ]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.nycbug.org/pipermail/talk/attachments/20040325/a91f6748/attachment.bin 

More information about the talk mailing list