On Wed, Nov 02, 2005 at 10:41:48AM -0800, Dag Richards wrote:
> True I guess I am just trying to justify the time I spent
> learning/configuring STP to quiet the local CISCO nazi's who howled at
> me for not buying PIX fw's.
>
> There is the small feature gap in not being able to fail back though.
> CARP of course will, but I can not force a pfsync of the states back
> before the ip migrates back to the master.

I know at least one person has already responded, but I figured I'd chime in too -- CARP and pfsync *do* fail over and back as one would hope.

In my case, I've got two /28's hanging off the back of two -current machines, each with their own interfaces. These two routers each have a public facing /30 and route to those two /28's. Their upstreams are two routers (not OpenBSD) in a similar configuration on two different networks.

This setup got its first official test a week or so ago when I was downloading about 100M of data using scp over a fairly slow link and the power cable of the primary was hit. My scp connection never died and just hiccuped for a second or two while things settled. I got an email when the slave became the master and again when the old master booted and regained master status. Since then, these machines have been plugged, unplugged, miswired and had routes drop and my shell from a week or so ago is still up :)

So, if you are not able to fail back properly, either something is misconfigured or there is something especially different about your setup.

-jon