Henning Brauer schrieb: > * Thomas Bader <[EMAIL PROTECTED]> [2006-06-14 09:02]: >> In one case the fail-over does not work well: If the >> BGP-peering on r0a to the upstream goes down all traffic >> will be routed from r0a via $pfsync_if to r0b > > yhis case requires bgpd to actively take influence on teh carp state. > > now, lucky you, I have a diff for current doing exactly that :) > you need -current from after the hackathon, as this needs the carp > group demotion stuff.
Oh, that sounds fine, thank you. I will surely test that out in my testing environment. Can you estimate when this patch will be integrated into -stable? > also, as for everybody successfully using openbgpd, we welcome > testimonials for http://www.openbgpd.org/users.html :) OK, I'll look what I can do about that :) > this, btw, is likely because of tcp window scaling, and one of the > machines not seeing all packets for that tcp connection, thus not > sclaing the window, thus dropping packets because of seuqence numbers > seemingly out of the window. pfsync cannot keep up fast enough - > it's not made for that (it is "best effort" anyway), and I doubt it > can be made to deal with a situation like thsi properly without > significant drawbacks. So, apparently, the main difference I was looking for between having PF enabled and disabled is state tracking. Regards, Thomas.