pf + pfsync + carp ... more fun
Daniel Hartmeier
daniel at benzedrine.cx
Thu Mar 3 23:43:16 GMT 2005
On Thu, Mar 03, 2005 at 02:31:26PM -0600, Matthew Grooms wrote:
> While running tests in my lab, there have been a few times where I
> could no longer talk out my external interface. This usually happens
> after I ifconfig em0 up / down a few times to force the carp0 failover.
> Previously, I have just rebooted the box since I was concentrating on
> testing the pf + pfsync stuff but this time I stopped to take a look
> and noticed that I am losing a route for the locally attached network.
> Is this the intended behavior?
It might explain the problem. On OpenBSD, you can ifconfig down an
interface without losing the route table entries through that interface.
I noticed that FreeBSD seems to automatically remove route entries in
this case.
AFAIK, carp itself does set and clear interfaces' IFF_RUNNING flag to
activate/deactivate them. I think the intention is not to lose any
routes doing that, but simply make the stack ignore frames on that
interface (so no ARP replies are sent on it).
When you manually ifconfig down to initiate the test, you also clear
IFF_UP, which might cause routes to get removed. Maybe try to initiate
the failover by removing the cable instead.
Daniel