The Freefire Bulletin #4 (1999-02-07)

Newsletter

The Freefire Project tries to help developers build Firewall and
IT-Security Solutions based on Free Tools. You can find additional
information about the Project at the Homepage.

0 Executive Info (Ec)
---------------------

 1 High Availability (HA) with Open Source (Ec)
   Mission critical applications
 2 Linux-HA HOWTO (hm)
   Harald Milz talks about the Project
 3 fake (Ec)
   A network superserver with additional features
 4 Eddie & Erlang/OTP (Ec)
   Server Farms and distributed network applications
 5 FreeQualizer (Ec)
   Not really a free tool - Load Balancer for FreeBSD
 6 Misc (Ec)
   ONE-IP Project, GFS, Linux Virtual Server and the Linux NAT Page
 7 Other Freefire News (Ec)
   New Drawbridge 3.0, Juniper now Open Source

1 High Availability with Open Source
------------------------------------

Open Source solutions - for firewalls or to secure important servers -
are becoming more and more common. Companies have realized that
external support isn't always the better solution (compared to in-house
know-how and Open Source). As the tasks get bigger and bigger, more
vital parts of a company depend on Open Source systems (by definition a
firewall has to control all external network traffic). Therefore it is
time to add support for HA to Free Systems. The most important points
for HA are reducing single points of failure (SPOF) and fault-tolerant
software. Therefore the main focus of this bulletin is on HA solutions.

2 Linux-HA HOWTO/Project (hm)
-----------------------------

In today's commercial Unix marketplace, High Availability (HA) is key
to selling server solutions. Virtually every Unix supplier has their
own HA software solution to provide customers with near-fault-tolerant
server systems at moderate prices. As a rule of thumb, redundancy is
used to prevent the overall IT system from having single points of
failure, a method that has been common in space flight and general
aviation for decades.

The common objective is to mask unplanned outages from users in a way
that lets users continue to work quickly. Unplanned outages can
severely hamper your operations. Two 1995 studies by Oracle Corp. and
Datamation showed that average businesses lost between 80,000 and
350,000 USD per hour of unplanned outages. After the 1993 World Trade
Center bombing, 145 of 350 businesses which were located in the
building had to close down within a year because they had no redundant
IT structure. That being said, and keeping in mind that Linux is
starting to conquer commercial data centers and business-critical use,
it is clear that Linux needs its High Availability solution(s) like
every other Unix.

3 fake (Ho)
-----------

Fake has been designed to switch in backup servers on a LAN. It has
been used successfully to switch in backup Mail, Web and Proxy servers
during periods of both unscheduled and scheduled down time. Fake allows
you to take over the IP address of another machine in the LAN by
bringing up an additional interface and making use of ARP spoofing. The
additional interface can be either a physical interface or an IP alias.

4 Eddieware & Erlang/OTP
------------------------

Eddie is a toolkit for building HA server farms. It comes with 4
components: IP Migration, Load-Balancing DNS, Intelligent HTTP Gateway
and Content Replication. Those applications are built on Ericsson's
Erlang/OTP System, an Open Source programming language and runtime
environment for distributed HA solutions. Erlang proved its usefulness
in several big telecommunication projects of Ericsson. Based on Erlang
it should be trivial to develop application-level proxies (which
instantly support distributed operation). Thanks to the Erlang/OTP Crew
for their helpful responses. The Erlang/OTP System is available in
binary form for Linux, Solaris, Windows and FreeBSD but should run on
any vanilla Unix, too.
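
The IP takeover fake performs (section 3) changes which MAC address
answers for a service IP, which on the wire is the same event an ARP
monitor sees during hostile ARP spoofing. The following is an added
example, not code from this bulletin or from the fake project: a sketch
of a monitor that separates an expected failover from other binding
changes, assuming a hypothetical allowlist (ALLOWED) of primary and
backup MACs and constructed observations.

```python
# Added example: classify changes in IP-to-MAC bindings seen by an ARP monitor.
# All addresses are constructed (documentation ranges); ALLOWED is a
# hypothetical site policy, not something fake itself provides.
from dataclasses import dataclass

@dataclass(frozen=True)
class ArpSeen:
    ts: int    # observation time in seconds
    ip: str    # sender IP from the ARP packet
    mac: str   # sender hardware address from the ARP packet

PRIMARY, BACKUP = "00:00:5e:00:53:01", "00:00:5e:00:53:02"
ALLOWED = {"192.0.2.10": {PRIMARY, BACKUP}}  # service IP -> MACs allowed to hold it

def classify(events, allowed=ALLOWED, flap_window=60):
    """Return (ts, ip, verdict) for every change of an IP's MAC binding."""
    current = {}  # ip -> (mac, time this binding was first seen)
    verdicts = []
    for ev in sorted(events, key=lambda e: e.ts):
        prev = current.get(ev.ip)
        if prev is not None and prev[0] == ev.mac:
            continue  # binding unchanged
        if prev is not None:
            if ev.mac not in allowed.get(ev.ip, set()):
                verdict = "unexpected-takeover"  # MAC is not a known node
            elif ev.ts - prev[1] < flap_window:
                verdict = "flapping"             # nodes fighting over the IP
            else:
                verdict = "expected-failover"    # known backup took over
            verdicts.append((ev.ts, ev.ip, verdict))
        current[ev.ip] = (ev.mac, ev.ts)
    return verdicts

SAMPLE = [  # constructed observations
    ArpSeen(0, "192.0.2.10", PRIMARY),
    ArpSeen(50, "192.0.2.20", "00:00:5e:00:53:aa"),
    ArpSeen(300, "192.0.2.10", BACKUP),
    ArpSeen(310, "192.0.2.10", PRIMARY),
    ArpSeen(320, "192.0.2.10", BACKUP),
    ArpSeen(900, "192.0.2.10", "00:00:5e:00:53:66"),
    ArpSeen(950, "192.0.2.20", "00:00:5e:00:53:aa"),
]

if __name__ == "__main__":
    for row in classify(SAMPLE):
        print(*row)
```

The "flapping" verdict covers the HA failure mode in which primary and
backup both claim the address within a short window.
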

5 FreeQualizer (Ec)
-------------------

Additional High Availability software for FreeBSD includes, for
example, FreeQualizer, a free (non-source) Load Balancer for 2 nodes.

6 Misc (Ec)
-----------

The ONE-IP Project is research in progress based on an experimental
*BSD implementation. Two different approaches are taken to have
multiple servers respond to the same address. It looks like a promising
idea. Especially the Broadcast-Based Dispatching looks like a good
solution to the SPOF problem with current load-balancing servers.

A lot more useful information on Load Balancing and Address Rewriting
can be found on the Linux Address Translation Page from Linas Vepstas.

Interesting work is going on in the GFS Project. A shared SCSI
filesystem is a good step towards Linux clusters for HA solutions.

The LinuxDirector is a Load Balancing Tool included in the Linux
Virtual Server Package.

7 Other Freefire News
---------------------

Russel Nepper announced Drawbridge 3.0. It runs on FreeBSD and supports
filtering of bridged data.

Obtuse Systems Corporation has announced an Open Source version of the
Juniper Firewall Toolkit. This is a major step towards a complete and
free Firewall Solution based on existing tools.

Authors of the current issue
----------------------------

Ec - Bernd 'eckes' Eckenfels
hm - Harald Milz
Ho - Horms

(c) Copyright 1999 Bernd Eckenfels and others
Bernd Eckenfels, GERMANY