On 17/02/2014 14:33, Jim Thompson wrote:
> See your link http://www.openbsd.org/faq/pf/carp.html

Yes I've read it. As far as I can see, it talks about "state change
messages" and "state table updates" only. I see nothing about
re-synchronising the entire state table; if that happens, under what
circumstances it happens; nor whether CARP failover is delayed until the
machine has completed synchronising its state table.

I *have* now found a third-party document which says this happens:
http://www.countersiege.com/doc/pfsync-carp/

"When the pfsync interface first comes up, pfsync broadcasts a request
for a bulk update of the entire state table. After this, all updates to
the state table are on a per-state, best effort basis. pfsync attempts
to prevent carp from taking ownership of the common addresses until the
bulk update has completed."

I don't know whether the version of pf in pfSense/FreeBSD 8.3 implements
this. If this functionality has been in there since the introduction of
pfsync then presumably it does.

Also: pfSense optionally lets you configure an IP to unicast state table
updates to. If you do this, how does the second box send updates back to
the first box when it's master? You'd put different unicast destination
addresses on the two boxes?

Regards,
Brian.
_______________________________________________
List mailing list
http://lists.pfsense.org/mailman/listinfo/list