It depends. http://kerneltrap.org/node/5607 gives part of the answer...
-Steve S.
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
> Of Karsten McMinn
> Sent: Friday, April 25, 2008 7:39 PM
> To: misc@openbsd.org
> Subject: Re: OpenBSD
On Fri, Apr 11, 2008 at 9:13 AM, Matthew Dempsky <[EMAIL PROTECTED]>
wrote:
>
> Probably not. I've never had problems with carp's fallover time and
> I've never used a Cisco firewall so I don't really know how it
> actually compares. I just wanted to suggest a maybe-solution assuming
> the suppos
* Matthew Dempsky <[EMAIL PROTECTED]> [2008-04-11 18:14]:
> On Fri, Apr 11, 2008 at 4:12 AM, Henning Brauer <[EMAIL PROTECTED]> wrote:
> > fwB's slave carp interfaces notice the "watchdev" going down and
> > go to master. great, now we have two masters. as I have had such a
> > split brain confi
On Fri, Apr 11, 2008 at 4:12 AM, Henning Brauer <[EMAIL PROTECTED]> wrote:
> fwB's slave carp interfaces notice the "watchdev" going down and
> go to master. great, now we have two masters. as I have had such a
> split brain config in the fast (due to a switch misconfiguration) I can
> tell you
Hello,
Is there any documentation about those tweaks for tcp performance? and
what about irq thingy?
On Thu, Nov 8, 2007 at 2:34 AM, Prabhu Gurumurthy <[EMAIL PROTECTED]> wrote:
> Brian A Seklecki (Mobile) wrote:
>
>
> > On Mon, 2007-11-05 at 07:23 +0100, Martin Toft wrote:
> >
> > > On Mon, Nov
* Matthew Dempsky <[EMAIL PROTECTED]> [2008-04-11 02:37]:
> On Thu, Apr 10, 2008 at 2:33 PM, Stuart Henderson <[EMAIL PROTECTED]> wrote:
> > Problem is, a carp interface is not interested in the state of the
> > syncdev, it is interested in the state of its own carpdev (since
> > multiple carp i
On Thu, Apr 10, 2008 at 2:33 PM, Stuart Henderson <[EMAIL PROTECTED]> wrote:
> Problem is, a carp interface is not interested in the state of the
> syncdev, it is interested in the state of its own carpdev (since
> multiple carp interfaces on a machine are independent). And carpdev
> usually fa
On 2008-04-10, Matthew Dempsky <[EMAIL PROTECTED]> wrote:
> Assuming this is really a problem, could CARP use interface link state
> to speed up fail-over? E.g., if the common setup is two routers with
> a direct Ethernet cable for pfsync and the common failure scenario is
> power failure (or at l
On Mon, Nov 5, 2007 at 12:26 PM, Brian A Seklecki (Mobile)
<[EMAIL PROTECTED]> wrote:
> - PIX/ASA has proprietary serial console fail-over (which is marginally
> faster than waiting for CARP)
Assuming this is really a problem, could CARP use interface link state
to speed up fail-over? E.g., if
On Thu, 10 Apr 2008 12:27:32 +0200, Reyk Floeter wrote:
>> - PIX/ASA has some magical black-box inline transparent protocol
>> "fixups"
>
Yeah, they have a magical smtp "f**-up" that is famous for breaking
things.
Have a look at http://www.postfix.org/postconf.5.html and search the
page for pix.
On Thu, Apr 10, 2008 at 12:27:32PM +0200, Reyk Floeter wrote:
> > I don't know about ASA, but the 5xx PIX doesn't support IPv6
> >
>
> like the lucent boxes and many other systems. and even if they
> support IPv6, they do it in a very basic way sometimes not even
> statefully.
>
Or like on the
hi!
i cannot resist to give a few comments on the PIX/ASA...
but first you should have a look at
http://www.openbsd.org/lyrics.html#35
about the Monopoly of Cizzz-coeee.
On Mon, Nov 05, 2007 at 02:26:48PM -0500, Brian A Seklecki (Mobile) wrote:
> - PIX/ASA is going to get you a default p
Brian A Seklecki (Mobile) wrote:
On Mon, 2007-11-05 at 07:23 +0100, Martin Toft wrote:
On Mon, Nov 05, 2007 at 01:29:05AM +0100, Cabillot Julien wrote:
Have you try openbsd 4.2 ? PF have been really improved in this
release.
pf(4) has nothing to do with isakmpd(8), except as it relates to rec
On Nov 4, 2007 4:09 PM, Chris Bullock <[EMAIL PROTECTED]> wrote:
> ...and it appears to us that that those
> sites seem to transmit data quicker than the sites that we maintain with
> OpenBSD firewalls and VPNs, assuming identical bandwidth.
do some conclusive transfer tests please or explain wha
isakmpd does not do the crypto processing of the actual IPSec tunnels, it
only does the ike negotiations.
Presuming you want to use aes-128, `openssl speed aes' shows that a 1ghz
system that is running 'vi' to type this message is capable of (at the
lowest end) 27mbyte per second.
I think you sho
Some say that isakmpd is resource intensive. What is the recommended
hardware for a 5mb full duplex optical Internet connection that is doing
nothing but VPN.
Regards,
Chris
On 11/4/07, Chris Bullock <[EMAIL PROTECTED]> wrote:
>
> We have been using OpenBSD my entire IT career, 5 1/2 years, I lik
On Mon, 05 Nov 2007 14:26:48 -0500, Brian A Seklecki (Mobile) wrote:
>- PIX/ASA has some magical black-box inline transparent protocol
>"fixups"
People who have met those when trying to send mail will tell you that,
at least for smtp, that quoted word at the end of the above sentence
has a spell
On Mon, 2007-11-05 at 07:23 +0100, Martin Toft wrote:
> On Mon, Nov 05, 2007 at 01:29:05AM +0100, Cabillot Julien wrote:
> > Have you try openbsd 4.2 ? PF have been really improved in this
> > release.
pf(4) has nothing to do with isakmpd(8), except as it relates to recent
addition of routing tags
On Mon, Nov 05, 2007 at 01:29:05AM +0100, Cabillot Julien wrote:
> Have you try openbsd 4.2 ? PF have been really improved in this
> release.
>
> On Nov 5, 2007 1:09 AM, Chris Bullock <[EMAIL PROTECTED]> wrote:
>
> > We have been using OpenBSD my entire IT career, 5 1/2 years, I like
> > the way it
Have you try openbsd 4.2 ? PF have been really improved in this release.
On Nov 5, 2007 1:09 AM, Chris Bullock <[EMAIL PROTECTED]> wrote:
> We have been using OpenBSD my entire IT career, 5 1/2 years, I like the
> way
> its easy to roll out, configure and the cost the most.
>
> I would like an ho
20 matches
Mail list logo
