
Re: pfsync and asymmetric paths



Excuse me for a late reply, I missed your mail.

On Fri, Jun 03, 2005 at 02:07:41PM +0100, Greg Hennessy wrote:
>  
> > Is it by design?  I'd like to make the asymmetric 
> > configuration functional if possible at all, but I've been 
> > unable to find any background information on the issue, such 
> > as mailing list discussions or whatever.
> 
> Silly question, why are you not using CARP and using the virtual IP as the
> egress/ingress next hop on both sides ? 

Alas, CARP is not applicable in every case, sometimes one has to
run OSPF etc.  And what I'd like to have functional looks like a
simple yet reasonable generalization from just a set of interchangeable
PF boxes to an actually distributed stateful packet filter that
won't care about which of its nodes sees an IP packet.

P.S. In OSPF, one can assign different costs to the paths, but that
would break the nice symmetry of the network configuration I considered.

-- 
Yar