On Thursday 18 October 2007 14:32:13 Milan Obuch wrote: > On Thursday 18 October 2007 12:50:19 Max Laier wrote: > > On Thursday 18 October 2007, Klavs Klavsen wrote: > > > I tried to just disable carp on the new machine (simply comment out > > > carp config from /etc/rc.conf.local) and now the packet loss is gone - > > > and hasn't been there for half an hour, so far. > > > > I supposed you also had to change your firewall rules? Otherwise your > > ruleset might not be ready to deal with carp and that could be the reason > > why you get the bad results? Start debugging by looking at "netstat -ssp > > carp" on either machine and take a careful look at your pf.conf. I also > > suggest that you add "log" to all you block rules and watch tcpdump on > > pflog0 while pinging. > > > > > Seems the carp network interfaces has bugs. > > > > That's a pretty bold assertion given the limited debugging you have > > done ;) > > I am experiencing something similar. I am trying to put together two PC > firewall with failover. My rc.conf has following lines >
[ snip ] I did even simpler test: one firewall with one switch. ifconfig fxp0 10.0.0.1/26 ifconfig carp0 create ifconfig carp0 10.0.0.2/26 vhid ... pass ... switch has IP 10.0.0.3 ping -S 10.0.0.1 10.0.0.3 works, no loss. ping -S 10.0.0.2 10.0.0.3 does not work well, ~ 80 % packet loss. This seems unusable to me. I see no simpler test right now... Regards, Milan -- No need to mail me directly. Just reply to mailing list, please. _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
