Hi, I am running OpenBSD 5.0 amd64 on two firewalls using CARP (one master and one backup) for redundancy/fail-over purpose. Now on the backup firewall I noticed that the states synchronised using pfsync on a dedicated NIC with a cross-over cable are at least double as much as on the master firewall. So for example right now there are 15k states on the master firewall and 40k on the backup firewall. From my understanding these numbers should pretty much correlate.
I don't have the feeling I've been doing anything wrong neither as I have documented myself about how configuring CARP and have been running it successfully before using OpenBSD 4.4 (I just re-installed with OpenBSD 5.0). Just in case here are the relevant hostname.* config files: # /etc/hostname.em7 (master fw) inet 10.10.10.1 255.255.255.0 # /etc/hostname.em7 (backup fw) inet 10.10.10.2 255.255.255.0 # /etc/hostname.pfsync0 (master fw) up syncpeer 10.10.10.2 syndev em7 # /etc/hostname.pfsync0 (backup fw) up syncpeer 10.10.10.1 syndev em7 Could it be that my cross-over cable is somehow faulty? or my config is wrong? Thanks for the feedback. Regards, ML
