[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
On Dec 16, 2004, at 5:12 PM, ed wrote:
Things are nearly fully functional for me now, however, I don't seem to
have perfect throughput when a box is shot in the head, sometimes
work OK for the client, and some times they don't and connections
lag to the point of timeout, or just drop and cant get re-established.
There is probably a good reason for this, but might be hard to
determine a) for an experienced user without access to your network, or
b) for an inexperienced user *with* access to your network. ;-)
I suggest monitoring your interfaces continually ("while true; do
ifconfig -a | grep carp; sleep 1; clear; done") while you recreate your
problems. It wouldn't hurt to also monitor your pfsync traffic for
I usually experience ~3 seconds of packet loss during a failover.
Recovery is always instantaneous (no loss). Regardless, I've yet to
lose any TCP connections. I'd suggest you try to isolate the
Sorry if I sound like a "Loinux whiny", I'm almost there, just need a
few more pointers.
1) If I reduce advskew to something like 10 on machine A and 12 on
machine b, would that increase the stability of the firewalls?
I suggest larger advskew differences. You can only go as high as the
size of your segment (256-1 for /24, for example). If you're only
using 2 firewalls, I suggest advskews of 0 and 100. This isn't
documented anywhere, and is only based on my own experience, so YMMV.
2) Why does it seem that when the master returns from me issuing a
reboot does the connection for the client appear to get shaky again?
No clue, you're not providing anything but anecdotal evidence.