Subject: Re: pf status
To: Pavel Cahyna <pavel.cahyna@st.mff.cuni.cz>
From: David Hopper <dhop@nwlink.com>
List: current-users
Date: 08/02/2005 18:24:22
I just helped Jason Dixon configure his CARP demo for OSCON.  I'm  
sold.  I'd love to see this in NetBSD.

http://www.samag.com/documents/s=9658/sam0505e/

Yanking the master firewall's uplink had no interruption in a ping,  
and he'll apparently demonstrate playing an mp3 over NFS-- pull the  
cable, no hiccup, seamless failover.  Very nice.

dhop


On Jul 30, 2005, at 6:45 AM, Pavel Cahyna wrote:

> On Sat, Jul 30, 2005 at 01:20:10PM +0200, Marcin Jessa wrote:
>
>> These links may be of help:
>> http://www.countersiege.com/doc/pfsync-carp/
>>
>
> Unfortunately even here, a detailed description of CARP is missing.  
> But
> the page at least explains why an integration of pfsync and CARP is
> desirable: pfsync prevents CARP from taking ownership of the common
> address until the bulk update [of pf states] has completed.
>
> Bye    Pavel
>