On 2019-11-13, Chris Cappuccio <ch...@nmedia.net> wrote: > Rachel Roch [rr...@tutanota.de] wrote: >> Hi, >> >> Both the man page and FAQ (https://www.openbsd.org/faq/pf/carp.html) >> <https://www.openbsd.org/faq/pf/carp.html> talk about "physical interface" >> in relation to the syncdev parameter. >> >> Does this mean Bad Things (TM) will happen if I try to use a dedicated vlan >> interface for pfsync ? >> > > It's as secure as your ethernet network is. There is no privacy or > authentication with pfsync. I don't think that using a vlan is > considered a big problem these days. I'm absolutely amazed at the > volume of data that pfsync generates. Since so many boxes come with extra > ports, using a vlan may be more complicated than directly connecting > the boxes together (unless you have more than two machines) > >
Use jumbos if you can.