13 Nov 2019, 20:21 by [email protected]:
> Rachel Roch [[email protected]] wrote:
>
>> Hi,
>>
>> Both the man page and FAQ (https://www.openbsd.org/faq/pf/carp.html)
>> <https://www.openbsd.org/faq/pf/carp.html> talk about "physical interface"
>> in relation to the syncdev parameter.
>>
>> Does this mean Bad Things (TM) will happen if I try to use a dedicated vlan
>> interface for pfsync ?
>>
>
> It's as secure as your ethernet network is. There is no privacy or
> authentication with pfsync. I don't think that using a vlan is
> considered a big problem these days. I'm absolutely amazed at the
> volume of data that pfsync generates. Since so many boxes come with extra
> ports, using a vlan may be more complicated than directly connecting
> the boxes together (unless you have more than two machines)
>
Thanks Chris !
Regarding the extra port, in my case I'm using that for LACP (my switches
support distributed LACP, so i can have two cables going into two switches)
