Hi folks, I know I'm unoriginal in my trying to use pf + pfsync + carp :-) But am I unique in observing the following trouble?
I have two symmetric routers running rather fresh RELENG_5 (just a few days old) and CARP from the patch by Glebius. As soon as I enable pfsync between them over a dedicated pair of interfaces, they really start to exchange state updates, but at the same time established TCP states start to expire extremely fast. By coincidence I noticed that when "timeout interval" was 20, an idle TCP state lasted for 12-13 seconds in both PF's; but when "timeout interval" was 8, a TCP state vanished after 2-3 seconds of inactivity. The whole issue looks like the other PF expires a state too fast and sends the corresponding update back to the PF originating the state. Disabling pfsync between the routers remedies the problem at once. Did I hit a known pitfall? -- Yar _______________________________________________ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[EMAIL PROTECTED]"
