HA firewall with floating IP on AWS
We’re going to explore high availability and load balancing using Keepalived and conntrackd.
Keepalived is routing software designed to provide simple and robust facilities for load balancing and high availability on Linux systems and Linux-based infrastructures.
To overcome the problem, we have to deploy conntrackd on FW1 and FW2. The daemon replicates the state of the connections forwarded by the active node so that the backup can take over those connections appropriately. We can dump the status of the connections forwarded by the active node:
1.1 keepalived as cluster software
1.2 floating IP on AWS
map Elastic IP to cluster instances
1.3 iptables with conntrack
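The three pieces in this outline meet in the keepalived notify handler: on promotion the backup loads the connection states conntrackd replicated to it, then remaps the Elastic IP to itself. The script below is an added example, not code from the original page; it follows the primary/backup pattern of conntrackd's command-line options. `EIP_ALLOC_ID`, `INSTANCE_ID`, the `fw-notify` log tag and the function names are assumptions.

```bash
#!/bin/sh
# Added example: keepalived notify handler for the FW1/FW2 pair.
# EIP_ALLOC_ID and INSTANCE_ID are placeholders (assumed, not from the page).
EIP_ALLOC_ID="${EIP_ALLOC_ID:-eipalloc-PLACEHOLDER}"
INSTANCE_ID="${INSTANCE_ID:-i-PLACEHOLDER}"

# Print, one per line, the commands to run for a keepalived state.
plan_transition() {
    case "$1" in
        MASTER)
            # Install replicated states first so forwarded flows survive.
            echo "conntrackd -c"   # commit external cache to the kernel table
            echo "conntrackd -f"   # flush internal and external caches
            echo "conntrackd -R"   # resync internal cache with the kernel table
            echo "conntrackd -B"   # send a bulk update to the peer
            # Move the Elastic IP only once the state table is in place.
            echo "aws ec2 associate-address --allocation-id $EIP_ALLOC_ID" \
                 "--instance-id $INSTANCE_ID --allow-reassociation"
            ;;
        BACKUP)
            echo "conntrackd -t"   # shorten kernel conntrack timers
            echo "conntrackd -n"   # request a resync from the active node
            ;;
        FAULT)
            echo "conntrackd -t"
            ;;
        *) return 2 ;;             # unknown state: do nothing
    esac
}

# Run the plan, logging each step; stop at the first failure so a
# half-finished takeover is visible in syslog instead of silent.
run_transition() {
    plan=$(plan_transition "$1") || return 2
    printf '%s\n' "$plan" | while IFS= read -r cmd; do
        logger -t fw-notify "state=$1 run: $cmd"
        $cmd || { logger -t fw-notify "state=$1 FAILED: $cmd"; exit 1; }
    done
}

# keepalived's notify option passes: <GROUP|INSTANCE> <name> <state> ...
if [ "$#" -ge 3 ]; then
    run_transition "$3"
fi
```

Reference the script from the `notify` option of the `vrrp_instance` block so keepalived invokes it on every state change.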