Hot Standby/Backup Router

bradrel

Hello,

I have a location where I would like to setup a backup router that can be put into production with very little configuration/changes.  I can't do true CARP since there is a single WAN connection with a single DHCP address.

From what I can tell there are two options:

1. Setup CARP/High Availability Sync with the backup router in "Persistent Maintenance Mode".
2. Use AutoConfigBackup (I have a Gold membership), setup the backup as "bare-bones" and then restore the config in the event the primary fails.

Packages: pfBlockerNG, squid3, squidGuard

Questions for option 1:
What happens if the primary can not be put back into service after it fails?
Do I need to sync my additional packages separately?

Questions for option 2:
Will the restore from AutoConfigBackup also install the additional packages?
Will the restore also restore the configuration for the additional packages?

Does anyone have a recommendation on which option would be better?

Thanks in advance
–
Brad

KOM

I prefer Option C: an image of the disk/flash.  Depending on the packages you hav einstalled, sometimes a config.xml restore doesn't quite work right.  I would get it working, configure everything the exact way I wanted it and then I would image the drive to a file or another drive.

bradrel

@KOM:

I prefer Option C: an image of the disk/flash.  Depending on the packages you hav einstalled, sometimes a config.xml restore doesn't quite work right.  I would get it working, configure everything the exact way I wanted it and then I would image the drive to a file or another drive.

Thanks for the suggestion.  I have two concerns on this method.  First is the end-user's ability to restore the image to the backup system and second is that changes that are made to the configuration that are made on a daily/weekly basis (mostly squid/filtering).

KOM

Hmm.  If you're making frequent changes then a config.xml backup/restore is the simplest way to do it.  If you have non-technical users responsible for disaster recovery, then perhaps a full unit on standby combined with a config.xml backup.  They could just plug the standby unit in and then restore from config.xml.  Some packages may need tweaking or reinstallation at worst, but at least the users will be online.

bradrel

@KOM:

Hmm.  If you're making frequent changes then a config.xml backup/restore is the simplest way to do it.  If you have non-technical users responsible for disaster recovery, then perhaps a full unit on standby combined with a config.xml backup.  They could just plug the standby unit in and then restore from config.xml.  Some packages may need tweaking or reinstallation at worst, but at least the users will be online.

Got it.  Would I need to have all the additional packages already installed on the backup unit, and would the config.xml file include the configuration for those packages?

KOM

I don't know if it makes a difference either way but personally I would get a standby unit fully working with everything you need in the way of packages, and then rely on config.xml to update it to current rules, aliases, URLs etc.