* Brian A. Seklecki <[EMAIL PROTECTED]> [2006-12-16 01:20]: > - C utility to ask /dev/pf pf(4)
definately the best option. except that there is no carp shitz to query via /dev/pf. c'mon, it's and INTERFACE, and doesn't have ANYTHING to do with pf whatsoever. > Preempt: Unlike "HSRP Groups" where interfaces can preempt can apply to > select group of interfaces, it is safe to assume that if preempt is > enabled and one interface in a SLAVE state; all other are in that > state. not true. first, it's per-group in 4.0 and up. all carp interfaces are in group carp by default, so that is used to "emulate" the old behaviour. but nothing stops you from doing # ifconfig carp3 -group carp # ifconfig carp4 -group carp # ifconfig carp3 group hsrp # ifconfig carp4 group hsrp and you have your hsrp group with two carp ifs. then, they don't really actually fail over as groups. they try to, tho. assume a setup with carp0, 1 and 2 on 2 boxes, one group, preempt enable. box1 is master. due to operator screwup, carp2 on box2 is not up (similarities to reality are pure coincidence, this is of course all fictional...), something raises carpdemote on box1, so box2 takes over. carp0 and 1 will be master on box2 now, carp2 still on box1 tho, because there is no other. -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
