Hi misc
I just have a question regarding carp failover.
First I must say that everything is working. I have a lot of different
installations at customer sites. But I do have a question regarding the
failover back to the master.
Example scenario:
We have two firewalls with a bunch of interfaces. They both have
net.inet.carp.preempt=1. If I create an SSH session (or anything else)
through these carped firewalls, it works great. If I simply reboot the
primary firewall, I can type in the SSH terminal window and only notice a
very small delay for a second (or even less) when the backup takes over.
Really great. However... When the failover back to the master takes place it
seems to always take a much longer time (10-20 sec). And the SSH terminal is
not usable for a long time (but I won't lose my session though).
The description of the carp failover sequence at
http://www.countersiege.com/doc/pfsync-carp says that the bulk update back to
the master takes place before the master takes over with carp advertisement
again. Therefore I don't understand why the fail back to the master freezes my
sessions for 10-20 sec.
Does anybody have a good explanation for this? Or is it the source code
docs ;-)
Thanks in advance
Per-Olov Sjöholm
--
GPG keyID: 4DB283CE
GPG fingerprint: 45E8 3D0E DE05 B714 D549 45BC CFB4 BBE9 4DB2 83CE