--On Thursday, August 10, 2006 4:00 PM +0100 Robin Breathe <[EMAIL PROTECTED]> wrote:

I fear you're missing the point: with "ndd -set /dev/pfil qif_ipmp_set
ipmp0=ce0,qfe0" you create a logical, named *pfil* interface which can
be *referenced by pfil's clients* - i.e. ipfilter. Ipfilter is
monitoring traffic from or to an interface via pfil. If pfil is
configured with a logical IPMP interface (the code is there to handle
failovers, etc) then I don't see what the problem is. This works
perfectly for filtering traffic flowing over the logical-pfil-ipmp
interface (see my original post), I just can't fastroute to it.

No, you can't, because _which_ underlying interface would pfil use? What algorithm would it use to decide? Aggregating _inbound_ traffic with an alias is easy. Outbound traffic is much harder. You'd have to extend pfil to be IPMP aware (or vice-versa), or put channel bonding logic into pfil. And without the new driver framework that allows bonding, I'm not sure pfil would have enough layer 1/2 data to make an informed decision.

You could send each packet out _both_ interfaces, but that has other side effects that I doubt you want...

Of course if you'd like to add such logic to pfil, I suspect Darren would be happy to accept patches... ;-)

--
Carson
