‐‐‐ Original Message ‐‐‐
On Tuesday, April 30, 2019 9:29 PM, Lyndon Nerenberg wrote:
> On our systems, we run the 'a' machine as primary and the 'b' machine
> as backup. When upgrading, we do the 'b' machine first, since this
> doesn't disrupt the primary. After the 'b' machine is fully c
mabi writes:
> Now I would first like to upgrade the cluster to 6.4 and then to 6.5 and was
> wondering if it is possible to operate that cluster for a short amount of tim
> e having one node running 6.3 and the other node with 6.4 and then the same f
> or going to 6.4 to 6.5.
In general this is
mabi(m...@protonmail.ch) on 2019.04.30 08:21:43 +:
> Hello,
>
> I have an OpenBSD 6.3 firewall cluster made out of two nodes (one master, one
> backup) using CARP and pfsync. This cluster also makes use of trunk and vlan
> interfaces.
>
> Now I would first like to u
‐‐‐ Original Message ‐‐‐
On Tuesday, April 30, 2019 11:20 AM, Igor Podlesny wrote:
> CARP should be of no worries at all and PF state table's sync is
> easily verified.
> If after backup's upgrade-reboot it has roughly same amount of entries
> you can safely demote master and repeat proce
On Tue, 30 Apr 2019 at 15:24, mabi wrote:
[...]
> Is this safe? or could there be any incompatibilities in carp/pfsync which
> would prevent me to do that upgrade in two steps while keeping everything
> online?
CARP should be of no worries at all and PF state table's sync is
easily verified.
I
Hello,
I have an OpenBSD 6.3 firewall cluster made out of two nodes (one master, one
backup) using CARP and pfsync. This cluster also makes use of trunk and vlan
interfaces.
Now I would first like to upgrade the cluster to 6.4 and then to 6.5 and was
wondering if it is possible to operate
Le Wed, 09 Jul 2014 20:33:47 +0200,
Mxher a écrit :
Hello,
> >> I'm doing few more tests and now I'm wondering if this is possible
> >> to disallow CARP to have some resources on serverA and others on
> >> serverB?
You can use ifstated to implement your own logic.
I have a pair of firewall, th
First, thanks for trying to help!
Le 09/07/2014 07:08, Remi Locherer a écrit :
> On Mon, Jul 07, 2014 at 08:44:43PM +0200, Mxher wrote:
>> Hello again,
>>
>> I'm doing few more tests and now I'm wondering if this is possible to
>> disallow CARP to have some resources on serverA and others on serve
On Mon, Jul 07, 2014 at 08:44:43PM +0200, Mxher wrote:
> Hello again,
>
> I'm doing few more tests and now I'm wondering if this is possible to
> disallow CARP to have some resources on serverA and others on serverB?
Have you set the sysctl net.inet.carp.preempt=1?
>
> Here is my tests (advbase
Hello again,
I'm doing few more tests and now I'm wondering if this is possible to
disallow CARP to have some resources on serverA and others on serverB?
Here is my tests (advbase=1 and advskew=0 for every interfaces on both
servers):
* Initial state
root@obsd1:~# ifconfig HA |grep status
Le 06/07/2014 12:05, Otto Moerbeek a écrit :
> On Sun, Jul 06, 2014 at 10:59:16AM +0200, Janne Johansson wrote:
>
>> The sysctl for carp.preempt controls if they should all fail at the same
>> time.
>
> read carp(4). It contains answers to some questions asked.
>
> -Otto
>
>> Den 6 jul 2
On Sun, Jul 06, 2014 at 10:59:16AM +0200, Janne Johansson wrote:
> The sysctl for carp.preempt controls if they should all fail at the same
> time.
read carp(4). It contains answers to some questions asked.
-Otto
> Den 6 jul 2014 10:12 skrev "Adam Thompson" :
>
> > On July 6, 2014 2:51
The sysctl for carp.preempt controls if they should all fail at the same
time.
Den 6 jul 2014 10:12 skrev "Adam Thompson" :
> On July 6, 2014 2:51:03 AM CDT, Mxher wrote:
> >Le 06/07/2014 04:34, Giancarlo Razzolini a écrit :
> >> Em 05-07-2014 16:20, Mxher escreveu:
> >>> 1) Can I group multiple
On July 6, 2014 2:51:03 AM CDT, Mxher wrote:
>Le 06/07/2014 04:34, Giancarlo Razzolini a écrit :
>> Em 05-07-2014 16:20, Mxher escreveu:
>>> 1) Can I group multiple virtuals ips to make them switch all at the
>same
>>> time using CARP ?
>> AFAIK, no. But you can use ifstated.
>I have to admit that
Le 06/07/2014 04:34, Giancarlo Razzolini a écrit :
> Em 05-07-2014 16:20, Mxher escreveu:
>> 1) Can I group multiple virtuals ips to make them switch all at the same
>> time using CARP ?
> AFAIK, no. But you can use ifstated.
I have to admit that I didn't knew about ifstated; I will test it.
>> 2)
Le 05/07/2014 22:37, sven falempin a écrit :
>
> read the FAQ, dont forget to sync the states and use ifstated to change the
> modem state when swithcing master fw.
>
>
Actually I read it but I didn't notice ifstated; after a quick look it
seems quite interesting.
Thank you.
Em 05-07-2014 16:20, Mxher escreveu:
> 1) Can I group multiple virtuals ips to make them switch all at the same
> time using CARP ?
AFAIK, no. But you can use ifstated.
> 2) About modems interfaces, I can't have them UP on both firewalls at
> the same time.
> How would you managed that?
You're dial
On Sat, Jul 5, 2014 at 3:20 PM, Mxher wrote:
> Hello everyone,
>
> At work we are using a firewall cluster of two Linux servers but I'm
> trying to change this; especially to replace iptables/netfilter by pf
> (mostly for performances and 'easy to maintain' reasons)
Hello everyone,
At work we are using a firewall cluster of two Linux servers but I'm
trying to change this; especially to replace iptables/netfilter by pf
(mostly for performances and 'easy to maintain' reasons).
Here is the thing: right now if the active node is seen dead, all
19 matches
Mail list logo
