All, I set up failover of two redundant bridging firewalls using the Spanning Tree Protocol options in bridge, and it worked great.
However, when testing failover, it takes between 45 seconds and more than 3 minutes for traffic to start flowing again. The interfaces themselves change state in the expected timeframe, though. The entire network is unmanaged switches, and my guess is that the delay is due to waiting for all the ARP caches to clear. Does this sound reasonable?

To help, I set the bridge cache to flush every 20 seconds instead of the default 240. It seems to help somewhat. I'm concerned though--is this too frequent?

This is the /etc/bridgename.bridge0 file of the master:

    add fxp0
    add rl0
    blocknonip fxp0
    stp fxp0
    stp rl0
    maxage 5
    hellotime 2
    priority 100
    ifcost fxp0 100
    ifcost rl0 55
    timeout 20
    fwddelay 7
    up

Thanks,
Ramsey
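An added worked example, not part of Ramsey's post: a small Python script that parses a bridgename.if-style file (the sample embedded below is reconstructed from the config in the post) and checks the STP timers against the 802.1D-1998 relationships (2*(fwddelay-1) >= maxage and maxage >= 2*(hellotime+1)), then reports the classic worst-case reconvergence bound of maxage + 2*fwddelay. The defaults filled in for keywords a file omits (hellotime 2, fwddelay 15, maxage 20, timeout 240) are the 802.1D defaults, which is an assumption about the running brconfig version. Note that `timeout` governs how long the bridge keeps learned MAC addresses in its own forwarding table; it is separate from the ARP caches on the hosts.

```python
"""Parse an OpenBSD-style /etc/bridgename.bridgeN file and sanity-check
its spanning-tree timers.

Added example, not code from the original post.  Timer relationships are
the IEEE 802.1D-1998 (clause 8.10.2) constraints:
    2 * (forward_delay - 1) >= max_age
    max_age >= 2 * (hello_time + 1)
"""

# Constructed sample: the bridgename.bridge0 quoted in the post.
SAMPLE_CONFIG = """\
add fxp0
add rl0
blocknonip fxp0
stp fxp0
stp rl0
maxage 5
hellotime 2
priority 100
ifcost fxp0 100
ifcost rl0 55
timeout 20
fwddelay 7
up
"""

# Assumed defaults (802.1D values) used when the file does not set a keyword.
DEFAULTS = {"hellotime": 2, "fwddelay": 15, "maxage": 20, "timeout": 240}

INT_KEYWORDS = ("maxage", "hellotime", "fwddelay", "timeout", "priority")


def parse_bridge_config(text):
    """Return a dict describing the bridge: members, STP ports, costs, timers."""
    cfg = {"members": [], "stp": [], "blocknonip": [], "ifcost": {},
           "up": False, "other": []}
    cfg.update(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = line.split()
        kw, args = words[0], words[1:]
        if kw == "add":
            cfg["members"].extend(args)
        elif kw == "stp":
            cfg["stp"].extend(args)
        elif kw == "blocknonip":
            cfg["blocknonip"].extend(args)
        elif kw == "ifcost" and len(args) == 2:
            cfg["ifcost"][args[0]] = int(args[1])
        elif kw in INT_KEYWORDS and len(args) == 1:
            cfg[kw] = int(args[0])
        elif kw == "up":
            cfg["up"] = True
        else:
            # Keep anything we do not model so nothing is silently dropped.
            cfg["other"].append(line)
    return cfg


def check_stp_timers(cfg):
    """Return a list of 802.1D timer-constraint violations (empty if none)."""
    h, m, f = cfg["hellotime"], cfg["maxage"], cfg["fwddelay"]
    problems = []
    # Bridges must be able to miss two hellos before declaring the root gone.
    if m < 2 * (h + 1):
        problems.append(f"maxage {m} < 2*(hellotime+1) = {2 * (h + 1)}")
    # Forward delay must cover max_age so stale topology info ages out first.
    if 2 * (f - 1) < m:
        problems.append(f"2*(fwddelay-1) = {2 * (f - 1)} < maxage {m}")
    return problems


def worst_case_convergence(cfg):
    """Classic STP bound after an indirect link failure, in seconds:
    wait maxage for the old root BPDU to expire, then listening + learning."""
    return cfg["maxage"] + 2 * cfg["fwddelay"]


if __name__ == "__main__":
    cfg = parse_bridge_config(SAMPLE_CONFIG)
    print("members:", cfg["members"], "stp:", cfg["stp"], "ifcost:", cfg["ifcost"])
    print("worst-case STP reconvergence: %d s" % worst_case_convergence(cfg))
    for p in check_stp_timers(cfg):
        print("timer constraint violated:", p)
```

Run it against the posted file and the timer check flags maxage 5 as below the 802.1D floor for hellotime 2, while the STP bound itself works out to 19 seconds, well under the 45 seconds to 3 minutes observed; that gap is what points at something other than spanning-tree timers, such as stale forwarding entries on the unmanaged switches or host ARP caches.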