Another question: Can P2P traffic create such a great amount of
connections that we might run out of resources to keep the state of
them? Could that be the reason of our problem with pfsync?
No...
And you have of course global limits for states etc i pf.conf as well...
Thanks again.
Ok interesting... You should NOT see thoose errors when you reboot!. But I
bet you don't have two ciscos running HSRP as we do at my web hosting
customer. However... It would probably (as for us) go away if you put IP:s
on the nics and don't just use the virtual ones OR install arp ping from
After hours of thinking, reading manuals and googling I decided to
send a mail to this list.
We have two OpenBSD firewalls using CARP + PFSYNC to provide
redundance. The problem is that long downloads stall randomly. For
example, downloading a 700 MB ISO stalls at about 120 MB, although
We are using OpenBSD 3.7 with carp preemption and we have checked that
all interfaces are connected while booting. Carp preemptive failover
works perfectly: we tested it unplugging the ethernet cable from the
nics which are used for carp.
We also experienced that ARP thing during the migration of
We are using OpenBSD 3.7 with carp preemption and we have checked that
all interfaces are connected while booting. Carp preemptive failover
works perfectly: we tested it unplugging the ethernet cable from the
nics which are used for carp.
We also experienced that ARP thing during the
