From owner-freebsd-pf@FreeBSD.ORG Sun Jun 15 22:28:14 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 477E91065676 for ; Sun, 15 Jun 2008 22:28:14 +0000 (UTC) (envelope-from m.pagulayan@auckland.ac.nz) Received: from mailhost.auckland.ac.nz (larry.its.auckland.ac.nz [130.216.12.34]) by mx1.freebsd.org (Postfix) with ESMTP id D26288FC22 for ; Sun, 15 Jun 2008 22:28:13 +0000 (UTC) (envelope-from m.pagulayan@auckland.ac.nz) Received: from localhost (localhost.localdomain [127.0.0.1]) by mailhost.auckland.ac.nz (Postfix) with ESMTP id 52CBC18774 for ; Mon, 16 Jun 2008 10:28:11 +1200 (NZST) X-Virus-Scanned: by amavisd-new at mailhost.auckland.ac.nz Received: from mailhost.auckland.ac.nz ([127.0.0.1]) by localhost (larry.its.auckland.ac.nz [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3brvn9dp+n5v for ; Mon, 16 Jun 2008 10:28:11 +1200 (NZST) Received: from UXCHANGE2.UoA.auckland.ac.nz (uxcn2.itss.auckland.ac.nz [130.216.190.119]) by mailhost.auckland.ac.nz (Postfix) with ESMTP id 2123B1872A for ; Mon, 16 Jun 2008 10:28:10 +1200 (NZST) Received: from UXCHANGE1.UoA.auckland.ac.nz ([130.216.190.118]) by UXCHANGE2.UoA.auckland.ac.nz with Microsoft SMTPSVC(6.0.3790.1830); Mon, 16 Jun 2008 10:28:10 +1200 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Mon, 16 Jun 2008 10:28:10 +1200 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: pfsync ignoring stale update Thread-Index: AcjPNxfUY70l3AcbRien62nwnAVDXA== From: "Mark Pagulayan" To: X-OriginalArrivalTime: 15 Jun 2008 22:28:10.0586 (UTC) FILETIME=[179523A0:01C8CF37] Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: pfsync ignoring stale update X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 15 Jun 2008 22:28:14 -0000 Hi Guys,=20 =20 I was just wondering if you could help me out with my problem on why state count are different on my Active and Standby FW. The state count on my Standby FW is much bigger than my Active FW. When I did debug mode on the standby FW(pfctl -mx loud) I noticed that there were message saying "pfsync: ignoring stale update". Is this the one causing the state table to unsynchronize? If this is it, any ideas on how to fix this?=20 =20 Here is my setup=20 OS: 7.0-RELEASE FreeBSD 7.0-RELEASE Setup: PF is use as Layer 2 Firewall =20 --------------------- --------------------- - - pfsync - - - Active FW - --------------- Standby FW - - - - - --------------------- --------------------- =20 Failover happens with OSPF.=20 =20 =20 Help would be greatly appreciated.=20 =20 Best Regards,=20 =20 Mark Pagulayan University Of Auckland =20