|
Pfsync
pfsync is a computer protocol used to synchronise firewall states between machines running Packet Filter (PF) for high availability. It is used along with CARP to make sure a backup firewall has the same information as the main firewall. When the main machine in the firewall cluster dies, the backup machine is able to accept current connections without loss. See also * OpenBSD * PF (firewall) * CARP * Linux-HA * Linux Virtual Server Linux Virtual Server (LVS) is load balancing software for Linux kernel–based operating systems. LVS is a free and open-source project started by Wensong Zhang in May 1998, subject to the requirements of the GNU General Public License (GPL ... References External links PF: Firewall Redundancy with CARP and pfsync ''(OpenBSD PF FAQ)''pfsync(4) man-page in OpenBSD, FreeBSD and NetBSD sys/net/if_pfsync.h in OpenBSDsys/net/if_pfsync.c in OpenBSD Internet protocols High-availability cluster computing BSD software OpenBSD F ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Computer Protocol
A communication protocol is a system of rules that allows two or more entities of a communications system to transmit information via any kind of variation of a physical quantity. The protocol defines the rules, syntax, semantics Semantics (from grc, σημαντικός ''sēmantikós'', "significant") is the study of reference, meaning, or truth. The term can be used to refer to subfields of several distinct disciplines, including philosophy Philosophy (f ... and synchronization of communication and possible Error detection and correction, error recovery methods. Protocols may be implemented by Computer hardware, hardware, software, or a combination of both. Communicating systems use well-defined formats for exchanging various messages. Each message has an exact meaning intended to elicit a response from a range of possible responses pre-determined for that particular situation. The specified behavior is typically independent of how it is to be Implementation, ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
OpenBSD
OpenBSD is a security-focused operating system, security-focused, free and open-source, Unix-like operating system based on the Berkeley Software Distribution (BSD). Theo de Raadt created OpenBSD in 1995 by fork (software development), forking NetBSD 1.0. According to the website, the OpenBSD project emphasizes "portability, standardization, correctness, proactive security and integrated cryptography." The OpenBSD project maintains software portability, portable versions of many subsystems as package manager, packages for other operating systems. Because of the project's preferred BSD license, many components are reused in proprietary and corporate-sponsored software projects. The firewall (computing), firewall code in Apple Inc., Apple's macOS is based on OpenBSD's PF (firewall), PF firewall code, Android (operating system), Android's Bionic (software), Bionic C standard library is based on OpenBSD code, LLVM uses OpenBSD's regular expression library, and Windows 10 uses OpenSSH ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Firewall States
In computing, a stateful firewall is a network-based firewall that individually tracks sessions of network connections traversing it. Stateful packet inspection, also referred to as dynamic packet filtering, is a security feature often used in non-commercial and business networks. Description A stateful firewall keeps track of the state of network connections, such as TCP streams, UDP datagrams, and ICMP messages, and can apply labels such as ''LISTEN'', ''ESTABLISHED'', or ''CLOSING''. State table entries are created for TCP streams or UDP datagrams that are allowed to communicate through the firewall in accordance with the configured security policy. Once in the table, all ''RELATED'' packets of a stored session are streamlined allowed, taking fewer CPU cycles than standard inspection. Related packets are also permitted to return through the firewall even if no rule is configured to allow communications from that host. If no traffic is seen for a specified time (implementat ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
PF (firewall)
PF (Packet Filter, also written pf) is a BSD licensed stateful packet filter In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted network and an untrusted n ..., a central piece of software for firewalling. It is comparable to netfilter (iptables), Ipfirewall, ipfw, and ipfilter. PF was developed for OpenBSD, but has been #Ports, ported to many other operating systems. History PF was originally designed as replacement for Darren Reed's IPFilter, from which it derives much of its rule syntax. IPFilter was removed from OpenBSD's Concurrent Versions System, CVS tree on 30 May 2001 due to OpenBSD developers' concerns with its license. The initial version of PF was written by Daniel Hartmeier. It appeared in OpenBSD 3.0, which was released on 1 December 2001. It was later extensively redesigned by Henning Brauer ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
High Availability
High availability (HA) is a characteristic of a system which aims to ensure an agreed level of operational performance, usually uptime, for a higher than normal period. Modernization has resulted in an increased reliance on these systems. For example, hospitals and data centers require high availability of their systems to perform routine daily activities. Availability refers to the ability of the user community to obtain a service or good, access the system, whether to submit new work, update or alter existing work, or collect the results of previous work. If a user cannot access the system, it is – from the user's point of view – ''unavailable''. Generally, the term '' downtime'' is used to refer to periods when a system is unavailable. Principles There are three principles of systems design in reliability engineering which can help achieve high availability. # Elimination of single points of failure. This means adding or building redundancy into the system so tha ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Common Address Redundancy Protocol
The Common Address Redundancy Protocol or CARP is a computer networking protocol which allows multiple hosts on the same local area network to share a set of IP addresses. Its primary purpose is to provide failover redundancy, especially when used with firewalls and routers. In some configurations, CARP can also provide load balancing functionality. CARP provides functionality similar to Virtual Router Redundancy Protocol (VRRP) and to Cisco Systems' Hot Standby Router Protocol (HSRP). It is implemented in several BSD-based operating systems and has been ported to Linux (ucarp). Example If there is a single computer running a packet filter, and it goes down, the networks on either side of the packet filter can no longer communicate with each other, or they communicate without any packet filtering. If, however, there are two computers running a packet filter, running CARP, then if one fails, the other will take over, and computers on either side of the packet filter will not ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
ONLamp
O'Reilly Media (formerly O'Reilly & Associates) is an American learning company established by Tim O'Reilly that publishes books, produces tech conferences, and provides an online learning platform. Its distinctive brand features a woodcut of an animal on many of its book covers. Company Early days The company began in 1978 as a private consulting firm doing technical writing, based in the Cambridge, Massachusetts area. In 1984, it began to retain publishing rights on manuals created for Unix vendors. A few 70-page "Nutshell Handbooks" were well-received, but the focus remained on the consulting business until 1988. After a conference displaying O'Reilly's preliminary Xlib manuals attracted significant attention, the company began increasing production of manuals and books. The original cover art consisted of animal designs developed by Edie Freedman because she thought that Unix program names sounded like "weird animals". Global Network Navigator In 1993 O'Reilly Media cre ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Linux-HA
The Linux-HA (High-Availability Linux) project provides a high-availability ( clustering) solution for Linux, FreeBSD, OpenBSD, Solaris and Mac OS X which promotes reliability, availability, and serviceability (RAS).Alan Robertson ''The Evolution of The LinuxHA project''. IBM Linux Technology Center, 201/ref> The project's main software product is Heartbeat, a GNU General Public License, GPL-licensed portable cluster management program for high-availability clustering. Its most important features are: * no fixed maximum number of nodes - Heartbeat can be used to build large clusters as well as very simple ones * resource monitoring: resources can be automatically restarted or moved to another node on failure * fencing mechanism to remove failed nodes from the cluster * sophisticated policy-based resource management, resource inter-dependencies and constraints * time-based rules allow for different policies depending on time * several resource scripts (for Apache, IBM Db2, ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Linux Virtual Server
Linux Virtual Server (LVS) is load balancing software for Linux kernel–based operating systems. LVS is a free and open-source project started by Wensong Zhang in May 1998, subject to the requirements of the GNU General Public License (GPL), version 2. The mission of the project is to build a high-performance and highly available server for Linux using clustering technology, which provides good scalability, reliability and serviceability. Overview The major work of the LVS project is now to develop advanced IP load balancing software (IPVS), application-level load balancing software (KTCPVS), and cluster management components. * IPVS: an advanced IP load balancing software implemented inside the Linux kernel. The IP Virtual Server code is merged into versions 2.4.x and newer of the Linux kernel mainline. * KTCPVS: implements application-level load balancing inside the Linux kernel, still under development. LVS can be used for building highly scalable and highly ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Internet Protocols
The Internet protocol suite, commonly known as TCP/IP, is a framework for organizing the set of communication protocols used in the Internet and similar computer networks according to functional criteria. The foundational protocols in the suite are the Transmission Control Protocol (TCP), the User Datagram Protocol (UDP), and the Internet Protocol (IP). In the development of this networking model, early versions of it were known as the Department of Defense (DoD) model because the research and development were funded by the United States Department of Defense through DARPA. The Internet protocol suite provides end-to-end data communication specifying how data should be packetized, addressed, transmitted, routed, and received. This functionality is organized into four abstraction layers, which classify all related protocols according to each protocol's scope of networking. An implementation of the layers for a particular application forms a protocol stack. From lowest to high ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
High-availability Cluster Computing
High availability (HA) is a characteristic of a system which aims to ensure an agreed level of operational performance, usually uptime, for a higher than normal period. Modernization has resulted in an increased reliance on these systems. For example, hospitals and data centers require high availability of their systems to perform routine daily activities. Availability refers to the ability of the user community to obtain a service or good, access the system, whether to submit new work, update or alter existing work, or collect the results of previous work. If a user cannot access the system, it is – from the user's point of view – ''unavailable''. Generally, the term ''downtime'' is used to refer to periods when a system is unavailable. Principles There are three principles of systems design in reliability engineering which can help achieve high availability. # Elimination of single points of failure. This means adding or building redundancy into the system so that fa ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
