I have a question about pfsync failover.
Suppose you have a master/slave firewall pair; the master is
broadcasting updates to its state table and the slave is picking them
up. Then you reboot the master firewall. The slave firewall takes over.
When the master firewall comes back, its state table will initiallly be
empty. So does it have a way to request from the slave a dump of the
current state table? And will this transfer be completed before it
becomes master on any CARP interfaces?
I can't see this situation described at
http://www.openbsd.org/faq/pf/carp.html
http://www.openbsd.org/cgi-bin/man.cgi?query=pfsync&sektion=4&manpath=OpenBSD+5.4
It talks about state change messages but not a full resync.
However, I can find a hint of a bulk transfer here:
http://www.freebsd.org/cgi/man.cgi?query=pfsync&sektion=4
and in this old posting:
http://lists.freebsd.org/pipermail/freebsd-net/2006-May/010823.html
Thanks,
Brian.
_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list
