From: Yar Tikhiy
To: freebsd-pf@freebsd.org
Date: Tue, 22 Mar 2005 17:49:38 +0300
Message-ID: <20050322144938.GE23681@comp.chem.msu.su>
Subject: Using pfsync leads to rapid state loss?

Hi folks,

I know I'm unoriginal in my trying to use pf + pfsync + carp :-) But am I unique in observing the following trouble?

I have two symmetric routers running rather fresh RELENG_5 (just a few days old) and CARP from the patch by Glebius. As soon as I enable pfsync between them over a dedicated pair of interfaces, they really start to exchange state updates, but at the same time established TCP states start to expire extremely fast.
By coincidence I noticed that when "timeout interval" was 20, an idle TCP state lasted for 12-13 seconds in both PF's; but when "timeout interval" was 8, a TCP state vanished after 2-3 seconds of inactivity.

The whole issue looks like the other PF expires a state too fast and sends the corresponding update back to the PF originating the state. Disabling pfsync between the routers remedies the problem at once.

Did I hit a known pitfall?

--
Yar