OPNsense Forum

English Forums => General Discussion => Topic started by: peksi on May 15, 2017, 07:52:39 am

Title: High availability
Post by: peksi on May 15, 2017, 07:52:39 am
Just joined the forum as I am seriously considering OPNsense as my next routing firewall solution. I've used Linux with iptables (fwbuilder GUI), routes and OpenVPN with LDAP backend since pre-2000 and it has worked like a rock.

I would like to install my next firewall as a virtual guest keeping another instance as hot standby in another host. Is that possible to do? Do you think it is a smart thing to do that way? I've seen large organizations do that with their Sophos etc.

What technologies in OPNsense would you consider the most solid and best suited for production use?
Title: Re: High availability
Post by: bartjsmit on May 15, 2017, 08:35:34 am
OPNsense has its own HA: https://docs.opnsense.org/manual/hacarp.html and there are options for virtual machines in general. VMware and Microsoft offer hardware failover but that's based on at least two physical machines with shared storage and has licence costs.

You need to consider what you're guarding against. If it is a configuration change, you don't need to do anything; OPNsense keeps older configurations and you can simply go back to a date when things worked from the console. If it is off-site backup, you can upload your config to Google Drive out of the box. You will need to take into account that restoring a backup involves a clean build with import of your last config. You can meet a shorter RTO if you take regular clones of your VM, like ghettoVCB for ESXi.

Bart...
Title: Re: High availability
Post by: peksi on May 15, 2017, 11:15:31 am
Looks promising. Does it have any fencing?
Title: Re: High availability
Post by: bartjsmit on May 15, 2017, 01:57:00 pm
I'm not aware of any. CARP doesn't mandate it.
Title: Re: High availability
Post by: peksi on May 16, 2017, 08:15:21 am
Maybe it is solved in some other way. I have no experience in CARP but there must be some system that can handle a defunct virtual server to kill it and let the secondary node take over?

With HA one problem (at least mine) is when a defunct service gets so badly stuck it won't shut down and keeps the IP / resource occupied. That's where the fencing comes in and kills the system to make way for the backup node to become active. With virtual guests I need to run a daemon with the hosts that can be called to kill zombie guests.
Title: Re: High availability
Post by: bartjsmit on May 16, 2017, 09:48:26 am
I've only used CARP in a sandbox. It uses virtual IPs and heartbeat, but as you say, a node could get to a state where it still heartbeats but doesn't route.
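
The failure mode described in the post above (a node that still sends CARP advertisements but no longer routes), as an added example that is not part of the original thread and not OPNsense code: a watchdog on the node probes the data plane and, after repeated failures, raises the CARP demotion factor so the peer can take over. This is self-demotion, not fencing. It assumes a FreeBSD-based node with `net.inet.carp.preempt` enabled on both peers; the probe target `192.0.2.1`, the thresholds and the script name are constructed placeholders.

```shell
#!/bin/sh
# Added example (not OPNsense code): data-plane watchdog for a CARP node.
# Assumptions: FreeBSD-based node, net.inet.carp.preempt=1 on both peers,
# PROBE_TARGET is a constructed placeholder for a host beyond the firewall.
PROBE_TARGET="${PROBE_TARGET:-192.0.2.1}"
FAIL_LIMIT="${FAIL_LIMIT:-3}"     # consecutive failed probes before demoting
DEMOTE_BY="${DEMOTE_BY:-240}"     # amount added to the CARP demotion factor
INTERVAL="${INTERVAL:-5}"         # seconds between probes

# probe: exit 0 if traffic still gets through. PROBE_CMD overrides the
# default ping so the logic can be exercised without a network.
probe() {
    if [ -n "${PROBE_CMD:-}" ]; then
        $PROBE_CMD
    else
        ping -c 1 -t 2 "$PROBE_TARGET" >/dev/null 2>&1   # FreeBSD: -t = timeout (s)
    fi
}

# decide FAILS OK DEMOTED -> prints "<new_fails> <action>" (demote|restore|none)
decide() {
    d_fails=$1; d_ok=$2; d_demoted=$3
    if [ "$d_ok" -eq 1 ]; then
        if [ "$d_demoted" -eq 1 ]; then echo "0 restore"; else echo "0 none"; fi
        return 0
    fi
    d_fails=$((d_fails + 1))
    if [ "$d_fails" -ge "$FAIL_LIMIT" ] && [ "$d_demoted" -eq 0 ]; then
        echo "$d_fails demote"
    else
        echo "$d_fails none"
    fi
}

watchdog() {
    fails=0; demoted=0
    while :; do
        if probe; then ok=1; else ok=0; fi
        set -- $(decide "$fails" "$ok" "$demoted")
        fails=$1
        case $2 in   # a value written to this sysctl is added to the current factor
            demote)  sysctl net.inet.carp.demotion="$DEMOTE_BY"  >/dev/null && demoted=1 ;;
            restore) sysctl net.inet.carp.demotion="-$DEMOTE_BY" >/dev/null && demoted=0 ;;
        esac
        sleep "$INTERVAL"
    done
}
# Start the loop only when invoked as: sh carp_watchdog.sh run
if [ "${1:-}" = "run" ]; then watchdog; fi
```

A guest that is hung so completely that the watchdog itself cannot run is not covered; that case still needs something outside the guest, which is the fencing question raised in the thread.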
Title: Re: High availability
Post by: peksi on May 16, 2017, 12:06:42 pm
There exist technologies to kill a nonresponsive virtual guest such as fence_kvm. Maybe that would be a development idea.
Title: Re: High availability
Post by: bartjsmit on May 17, 2017, 09:00:13 am
The best place for feature requests is GitHub: https://github.com/opnsense/core/blob/master/CONTRIBUTING.md

Bart...