Fwd: pf + pfsync + carp testing ...
Matthew Grooms
mgrooms at seton.org
Wed Mar 2 23:15:55 GMT 2005
Gleb & Max,
Fantastic! The carp interfaces work like a champ now on RELENG_5.
I have been testing the fail over for about half an hour and the MASTER
/ BACKUP state changes have worked 100% of the time. I really appreciate
both of you taking the time to get this stuff into FreeBSD.
On a slightly more depressing note, I don't think that state via
pfsync seems to be working right between the two firewalls. Sometimes (
maybe every 1 out of 4 tries ) when the interfaces fail over, the
traffic flow stops. The reason why I believe it is a state sync issue is
that new connections can always be opened even while the previously
opened connections are stalled. This doesn't always happen when an
interface is going down either. It happens just as often when an
interface is coming back up and reclaims a MASTER state. Any ideas?
Matthew
Gleb Smirnoff wrote:
> Matthew,
>
> Yes. There was an error in there. Frank Volf has already showed me it in private
> mail. Sorry for this. I'm working in HEAD now, where miibus and em does not need
> this hacks.
>
> Fixed patch available at the same place:
>
> http://people.freebsd.org/~glebius/totest/carp-RELENG_5-patch
>
More information about the freebsd-pf
mailing list