On Dec 16, 2004, at 5:12 PM, ed wrote:

Things are nearly fully functional for me now, however, I don't seem to
have perfect throughput when a box is shot in the head, sometimes things
work OK for the client, and sometimes they don't and connections either
lag to the point of timeout, or just drop and can't get re-established.

There is probably a good reason for this, but it might be hard to determine a) for an experienced user without access to your network, or b) for an inexperienced user *with* access to your network. ;-)

I suggest monitoring your interfaces continually ("while true; do ifconfig -a | grep carp; sleep 1; clear; done") while you recreate your problems. It wouldn't hurt to also monitor your pfsync traffic for hiccups.

I usually experience ~3 seconds of packet loss during a failover. Recovery is always instantaneous (no loss). Regardless, I've yet to lose any TCP connections. I'd suggest you try to isolate the questionable behavior.

Sorry if I sound like a "Loinux whiny", I'm almost there, just need a
few more pointers.

1) If I reduce advskew to something like 10 on machine A and 12 on
machine B, would that increase the stability of the firewalls?

I suggest larger advskew differences. You can only go as high as the size of your segment (256-1 for /24, for example). If you're only using 2 firewalls, I suggest advskews of 0 and 100. This isn't documented anywhere, and is only based on my own experience, so YMMV.

2) Why does it seem that when the master returns from me issuing a
reboot, the connection for the client appears to get shaky again?

No clue, you're not providing anything but anecdotal evidence.

Jason Dixon
DixonGroup Consulting
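
The monitoring suggestion above, as an added example that is not part of the original message: instead of clearing the screen every second, it logs only CARP state transitions with a timestamp, so they can be lined up against the moments clients see lag or drops. It assumes an OpenBSD-style `ifconfig` layout (a `carpN:` line followed by an indented `carp: <STATE> ...` line); the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: log CARP state transitions with timestamps.
# Assumption: ifconfig prints "carpN: flags=..." followed by an indented
# "carp: <STATE> ..." line (OpenBSD-style layout).

# Read `ifconfig -a` output on stdin, print "<iface> <state>" per carp interface.
carp_states() {
    awk '/^carp[0-9]+:/ { iface = $1; sub(/:$/, "", iface) }
         $1 == "carp:" && iface != "" { print iface, $2; iface = "" }'
}

# carp_diff PREV CUR: print "<iface> <old> -> <new>" for each changed interface.
carp_diff() {
    prev=$1; cur=$2
    printf '%s\n' "$cur" | while read -r iface state; do
        [ -n "$iface" ] || continue
        old=$(printf '%s\n' "$prev" | awk -v i="$iface" '$1 == i { print $2 }')
        [ "$old" = "$state" ] || printf '%s %s -> %s\n' "$iface" "${old:-UNKNOWN}" "$state"
    done
}

# Poll once a second and timestamp every transition (run this on the firewall).
carp_watch() {
    last=""
    while true; do
        now=$(ifconfig -a | carp_states)
        carp_diff "$last" "$now" | while read -r line; do
            printf '%s %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$line"
        done
        last=$now
        sleep 1
    done
}

# Constructed sample output (not captured from a real host).
sample_before() { cat <<'EOF'
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: MASTER carpdev fxp0 vhid 1 advbase 1 advskew 0
carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: MASTER carpdev fxp1 vhid 2 advbase 1 advskew 0
EOF
}
sample_after() { sample_before | sed '2s/MASTER/BACKUP/'; }

# Offline demo on the samples; prints: carp0 MASTER -> BACKUP
carp_diff "$(sample_before | carp_states)" "$(sample_after | carp_states)"
```

Calling `carp_watch` on each firewall while reproducing the problem gives two timestamped logs that can be compared directly.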