Hello, I have an OSPF-enabled backbone and want to insert two firewalls. Each firewall will be connected to a different core router.
My idea is to set up OSPFd on the interfaces plugged into the core, and CARP on the interfaces plugged into the other side (servers network). I have no routing protocol inside the servers network.
From the servers side, traffic will go out from the firewall owning the shared IP (the "master" firewall). From the internet side, traffic will come in through both firewalls, whichever is nearest to the core router.
With this design, a SYN packet can enter through FW2 and the corresponding ACK packet go back through FW1.
Will pfsync just handle the split sessions happily? Will it handle the load for, say, 10k pps?
Kind regards, -- Ronnie Garcia <r.garcia at ovea dot com>