We have two open bsd firewalls. f1 and f2. f1 is master and f2 is the backup using carp.
Recently, we noticed all of our network traffic inside the firewall slowed down to the point where it was difficult to access anything. After some nosing around we noticed that f2, the em2 interface which is using CARP pfsync, was causing an extremely large amounts of errors, essentially choking out the rest of the network traffic. We restarted f1 and f2 to see if that helped, it did not. Ultimately we shutdown f2 and that unclogged the network. We need to repair whatever is causing the issue, but I'm at a bit of a loss as to what exactly needs to be done. We plan on restarting f2, and doing the following: 1. Failover to f2, and back to f1 to see if the are communicating effectively 2. deactivate the em2 interface, and perform tests on the hardware 3. If the issues are still occurring isolate fw2, and perform a full battery of tests on the server hardware. I apologize for the vagueness of the question, but I'm at a loss as to what's going on. I've looked for similar problems online, but have been unable to find them. What else should I be doing, and what specific things should I be checking to determine what is going wrong with the carp interface? thanks. myles.
