I'm building a failover firewall for a server cluster and started looking at the various options. I'm more familiar with CARP on FreeBSD, but need to use Linux for this project.
Searching Google has produced several different projects, but no clear information about the features they provide. CARP gave virtual interfaces that fail over; I am not really clear on whether that's what corosync does, or is that what pacemaker does?
On the other hand, I did manage to get keepalived working. However, I noted that corosync provides native support for InfiniBand. This would be useful for me.
Perhaps someone could shed some light on the differences between:
- corosync
- keepalived
- pacemaker
- heartbeat
Which product would be the best fit for router failover?
EDIT: So I worked out a little more...
Pacemaker is the bigger project that can use Corosync & Pacemaker. It seems that Corosync & Heartbeat basically do the same thing. So you choose one or the other.
Heartbeat seems to be an older project but is still being worked on.
Keepalived on the other hand is an entirely different project and implements the VRRP protocol. It has fewer features than the others. It appears to still be widely used but is missing recent documentation.
Unfortunately, for firewall/router failover there are very few examples. Has anyone found some nice how-tos? I've found one written in Spanish.
Here is the general rule of thumb I have used when deciding between keepalived and heartbeat.
Heartbeat is usually used when you want a true active/standby cluster setup (where only one node is actually "up.") Think NFS. Usually w/ Heartbeat the pre and post script actions are used to start and stop services.
Keepalived is much simpler, and is usually used for hot-standby usage (i.e., to keep a service up in a redundant fashion).
A good usage example with keepalived that I have had success with is for redundant Nginx load balancers. In that situation, if a node fails, the "floating IP" moves over to the backup node.
Keepalived is simple, but it allows you to create your own check scripts (that would trigger a failover, etc.) Some info: https://tobrunet.ch/2013/07/keepalived-check-and-notify-scripts/
Which is best for you depends on your situation: keepalived is a good fit for router failover.
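An added example, not part of the answers in this thread: a check script of the kind the answer above describes, adapted to the router/firewall case in the question. The script path, the `chk_router` block name, the `UPLINK` default and the use of nftables are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): health check for a keepalived
# vrrp_script on a Linux router/firewall pair. Exit 0 means healthy; any
# other status is counted by keepalived as a failed check. Wiring in
# keepalived.conf (script path and block name are assumptions):
#   vrrp_script chk_router {
#       script "/usr/local/sbin/chk_router.sh"
#       interval 2
#       fall 2
#       rise 2
#   }
#   vrrp_instance VI_1 { ... track_script { chk_router } }
# PROC_ROOT, SYS_ROOT and NFT exist only so the checks can be exercised
# against constructed files; UPLINK (default eth0) names the outside NIC.

forwarding_enabled() {
    # The kernel routes between interfaces only while ip_forward is 1.
    [ "$(cat "${PROC_ROOT:-/proc}/sys/net/ipv4/ip_forward" 2>/dev/null)" = "1" ]
}

link_up() {
    # operstate reads "up" only while the NIC has carrier.
    [ "$(cat "${SYS_ROOT:-/sys}/class/net/$1/operstate" 2>/dev/null)" = "up" ]
}

ruleset_loaded() {
    # Fail closed: a node with no filter chains loaded must not hold the
    # floating IP, or it would forward traffic unfiltered. Assumes nftables.
    "${NFT:-nft}" list ruleset 2>/dev/null | grep -q 'chain'
}

router_healthy() {
    forwarding_enabled || return 1         # not routing
    link_up "${UPLINK:-eth0}" || return 2  # uplink down
    ruleset_loaded || return 3             # firewall rules missing
    return 0
}

# Run the check only under the installed name, so the functions above can
# also be sourced and tested on their own.
case "$0" in
    */chk_router.sh) router_healthy; exit $? ;;
esac
```

With no `weight` set in the `vrrp_script` block, a failing check puts the tracking instance into FAULT state and the peer takes over the address.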
Have you looked at ucarp? We use it for the same purpose you're planning on our Linux firewalls.