> I agree, that's why I spent a long time trying to get all the switches > configured correctly. And whilst it is rare, sadly one of our providers > in particular just outright refuses to enable port-fast as they don't > trust all their colo members (kinda don't blame them). > > I also don't want to put another switch (or 2 so no single point of > failure) in-between our firewalls and the providers WAN switches. > > At least thanks to Stuart's suggestion most of our issues are now > resolved and we'll just have to live with the issue of a backup firewall > taking over when a cable is plugged back in/WAN provider > resets/kills/asserts/misconfigures one of their WAN switches (we have > redundant connections across their switch fabric).
I've been discussing something which might help, with some setups. It would be nice if CARP could spot these delays, and report them in some way. If it did that, then someone setting it up could test for this case, and at least know that the switch is "not quite right". As it is now, they are shooting in the dark.
