On 16/02/2014 20:25, Joel Robison wrote:
> Hey guys - good questions! I remember asking myself the same question
> and what helped me was reading the RFC for VRRP/CARP. Essentially when
> the old master comes back up it will pick up the changes because there
> will already be a master running on the pvid, what used to be the slave.

That makes no sense.
VRRP/CARP are responsible for failing over the virtual IP address -
nothing more.
pfsync is responsible for keeping the firewall state tables on the
master and slave firewalls in sync. My question was how pfsync deals
with the case of a machine startup, when it has an empty state table.
Does it request and receive a full state dump from the other firewall,
and does this happen before CARP fails back? Otherwise, any existing
sessions going through the firewall will be dropped.