Henning Brauer schrieb:
> * Thomas Bader <[EMAIL PROTECTED]> [2006-06-14 09:02]:
>> In one case the fail-over does not work well: If the
>> BGP-peering on r0a to the upstream goes down all traffic
>> will be routed from r0a via $pfsync_if to r0b
> 
> yhis case requires bgpd to actively take influence on teh carp state.
> 
> now, lucky you, I have a diff for current doing exactly that :)
> you need -current from after the hackathon, as this needs the carp 
> group demotion stuff.

Oh, that sounds fine, thank you. I will surely test that out in my
testing environment.

Can you estimate when this patch will be integrated into -stable?

> also, as for everybody successfully using openbgpd, we welcome 
> testimonials for http://www.openbgpd.org/users.html :)

OK, I'll look what I can do about that :)

> this, btw, is likely because of tcp window scaling, and one of the 
> machines not seeing all packets for that tcp connection, thus not 
> sclaing the window, thus dropping packets because of seuqence numbers
>  seemingly out of the window. pfsync cannot keep up fast enough -
> it's not made for that (it is "best effort" anyway), and I doubt it
> can be made to deal with a situation like thsi properly without
> significant drawbacks.

So, apparently, the main difference I was looking for between having PF
enabled and disabled is state tracking.

Regards, Thomas.

Reply via email to