Hi Brian and Joel,

I resolved the sync issue today in my environment. I just supplied the IP address of the primary (Master) server in the secondary (Slave) server's pfsync config in the section for syncing state tables (I already had the sync state table enabled on the secondary server). Now if the master server goes down, the slave server becomes master temporarily. When the master comes back up, it syncs the state table with the secondary server and the end-user's sessions remain unaffected. Works for me :) Please provide your views.

On Mon, Feb 17, 2014 at 7:29 PM, Brian Candler <[email protected]> wrote:

> On 16/02/2014 20:25, Joel Robison wrote:
>
>> Hey guys- good questions! I remember asking myself the same question and
>> what helped me was reading the RFC for VRRP/CARP. Essentially when the old
>> master comes back up it will pick up the changes because there will already
>> be a master running on the pvid, what used to be the slave.
>>
>> That makes no sense.
>
> VRRP/CARP are responsible for failing over the virtual IP address -
> nothing more.
>
> pfsync is responsible for keeping the firewall state tables on the master
> and slave firewalls in sync. My question was how pfsync deals with the case
> of a machine startup, when it has an empty state table. Does it request and
> receive a full state dump from the other firewall, and does this happen
> before CARP fails back? Otherwise, any existing sessions going through the
> firewall will be dropped.
>
>
> _______________________________________________
> List mailing list
> [email protected]
> http://lists.pfsense.org/mailman/listinfo/list
>
