On 21/11/05, Camiel Dobbelaar <[EMAIL PROTECTED]> wrote:
> On Sun, 20 Nov 2005, Ramsey Tantawi wrote:
> > I set up failover of two redundant bridging firewalls using the
> > Spanning Tree Protocol options in bridge, and it worked great.
> >
> > However, when testing failover, it takes between 45 seconds and more
> > than 3 minutes for traffic to start flowing again. The interfaces
> > themselves change state in the expected timeframe, though. The entire
> > network is unmanaged switches, and my guess is that the delay is due to
> > waiting for all the ARP caches to clear. Does this sound reasonable?
>
> Definitely the MAC (not ARP) caches of the bridges and the switches. STP
> devices can help speed up transitions by timing out entries sooner when
> a topology change is detected.
>
> I'm not sure if the OpenBSD bridge does that, the unmanaged switches
> definitely don't. In this case you'd be better off with hubs...
>
> > To help, I set the bridge cache to flush every 20 seconds instead of
> > the default 240. It seems to help somewhat. I'm concerned though--is
> > this too frequent?
>
> With a two port bridge it won't really hurt.
>
I had a problem in my 3.7 OpenBSD bridges that they did not re-learn MAC addresses while they still were in the table. In my case something happened in the network and when things stabilized the OpenBSD bridge had incorrect info in the MAC address table and did not re-learn until I cleared the table. I wasn't able to troubleshoot more due to the thing being live.

/Tony

--
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
-= The scorpion replied, "I couldn't help it, it's my nature" =-
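The thread above turns on how a learning bridge's MAC table behaves across a failover: Camiel's point that the delay is the MAC caches aging out (and that a topology change should shorten that), Ramsey's 20-second versus 240-second cache timeout, and Tony's observation that his bridges kept a stale entry until he cleared the table. The model below is an added example written for this page; it is not OpenBSD bridge(4) code and does not claim to reproduce its behaviour. It simulates one unmanaged switch sitting between the hosts and the two redundant firewalls. Port names, MAC addresses (taken from the documentation range 00:00:5e:00:53:xx), frame timings and the `relearn` / `flush_at_failover` knobs are all constructed assumptions. `relearn=True` is the normal 802.1D behaviour (a known source seen on a different port moves the entry at once); `relearn=False` models a cache that only learns unknown addresses, which is the failure Tony describes; `flush_at_failover=True` stands in for a topology-change flush of the kind Camiel mentions, or Tony's manual clearing of the table.

```python
"""Toy learning-bridge MAC table with aging, used to show how long traffic
stalls after a failover under different cache policies.  Constructed example,
not OpenBSD's bridge(4) implementation; all names and timings are assumed."""
from dataclasses import dataclass


@dataclass
class Entry:
    port: str          # port the address was last learned on
    learned_at: float  # time of the last frame that (re)learned it


class LearningBridge:
    """Transparent bridge: learn source MACs per port, age them out after
    `timeout` seconds, forward known destinations, flood unknown ones."""

    def __init__(self, ports, timeout=240.0, relearn=True):
        self.ports = list(ports)
        self.timeout = timeout      # bridge cache timeout, like the 240 s default in the thread
        self.relearn = relearn      # False: never move an address already in the table
        self.table = {}

    def _age(self, now):
        for mac in [m for m, e in self.table.items() if now - e.learned_at >= self.timeout]:
            del self.table[mac]

    def flush(self):
        """Drop every learned address (manual clear or topology-change flush)."""
        self.table.clear()

    def receive(self, now, in_port, src, dst):
        """Handle one frame; return the list of ports it is forwarded out of."""
        self._age(now)
        entry = self.table.get(src)
        if entry is None or entry.port == in_port or self.relearn:
            self.table[src] = Entry(in_port, now)   # learn, refresh, or move the entry
        # else: address known on another port and this cache refuses to move it
        d = self.table.get(dst)
        if d is None:
            return [p for p in self.ports if p != in_port]   # unknown destination: flood
        if d.port == in_port:
            return []                                      # same segment: filter
        return [d.port]


FAR = "00:00:5e:00:53:0f"    # host behind the firewalls (constructed address)
LOCAL = "00:00:5e:00:53:01"  # host on the switch's local LAN (constructed address)


def failover_recovery_delay(timeout, relearn=True, flush_at_failover=False,
                            failover_at=10.0, horizon=600.0):
    """Seconds after the failover until the switch first forwards a LOCAL->FAR
    frame out of the port toward the now-active firewall, or None if never.
    Every second the far host sends a frame in, and half a second later the
    local host replies.  Before the failover the far host's frames arrive via
    fw1; afterwards they arrive via fw2 (STP has unblocked the second bridge)."""
    sw = LearningBridge(["hosts", "to_fw1", "to_fw2"], timeout=timeout, relearn=relearn)
    for step in range(int(horizon)):
        t = float(step)
        if t == failover_at:
            if flush_at_failover:
                sw.flush()
            continue                       # link transition: no frames this instant
        far_port = "to_fw1" if t < failover_at else "to_fw2"
        sw.receive(t, far_port, FAR, LOCAL)
        out = sw.receive(t + 0.5, "hosts", LOCAL, FAR)
        if t > failover_at and out == ["to_fw2"]:
            return t + 0.5 - failover_at
    return None


if __name__ == "__main__":
    for label, kw in [("normal relearn, 240 s", dict(timeout=240.0)),
                      ("no relearn, 240 s", dict(timeout=240.0, relearn=False)),
                      ("no relearn, 20 s", dict(timeout=20.0, relearn=False)),
                      ("no relearn, flushed on change", dict(timeout=240.0, relearn=False,
                                                             flush_at_failover=True))]:
        print(f"{label:32s} recovery after {failover_recovery_delay(**kw)} s")
```

With normal relearning the stale entry is moved by the first frame from the far host and traffic recovers within a couple of seconds; a cache that will not move an existing entry keeps sending toward the dead firewall until the entry ages out, so recovery time tracks the cache timeout (roughly 240 s at the default, roughly 20 s with Ramsey's setting), and flushing the table at the topology change brings it back down regardless of the timeout.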