Date: Tue, 22 Mar 2005 17:49:38 +0300 From: Yar Tikhiy <yar@comp.chem.msu.su> To: freebsd-pf@freebsd.org Subject: Using pfsync leads to rapid state loss? Message-ID: <20050322144938.GE23681@comp.chem.msu.su>
next in thread | raw e-mail | index | archive | help
Hi folks, I know I'm unoriginal in my trying to use pf + pfsync + carp :-) But am I unique in observing the following trouble? I have two symmetric routers running rather fresh RELENG_5 (just a few days old) and CARP from the patch by Glebius. As soon as I enable pfsync between them over a dedicated pair of interfaces, they really start to exchange state updates, but at the same time established TCP states start to expire extremely fast. By coincidence I noticed that when "timeout interval" was 20, an idle TCP state lasted for 12-13 seconds in both PF's; but when "timeout interval" was 8, a TCP state vanished after 2-3 seconds of inactivity. The whole issue looks like the other PF expires a state too fast and sends the corresponding update back to the PF originating the state. Disabling pfsync between the routers remedies the problem at once. Did I hit a known pitfall? -- Yar
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050322144938.GE23681>