Date: Fri, 10 Jun 2005 18:59:29 +0400
From: Yar Tikhiy
To: Greg Hennessy
Cc: freebsd-pf@freebsd.org
Subject: Re: pfsync and asymmetric paths
Message-ID: <20050610145929.GB65307@comp.chem.msu.su>
In-Reply-To: <20050603130741.D427416@gw2.local.net>
References: <20050603115843.GA15561@comp.chem.msu.su> <20050603130741.D427416@gw2.local.net>
List-Id: "Technical discussion and general questions about packet filter (pf)"

Excuse me for a late reply, I missed your mail.

On Fri, Jun 03, 2005 at 02:07:41PM +0100, Greg Hennessy wrote:
>
> > Is it by design? I'd like to make the asymmetric
> > configuration functional if possible at all, but I've been
> > unable to find any background information on the issue, such
> > as mailing list discussions or whatever.
>
> Silly question, why are you not using CARP and using the virtual IP as the
> egress/ingress next hop on both sides?

Alas, CARP is not applicable in every case; sometimes one has to
run OSPF etc. And what I'd like to have functional looks like
a simple yet reasonable generalization from just a set of
interchangeable PF boxes to an actually distributed stateful
packet filter that won't care about which of its nodes sees
an IP packet.

P.S. In OSPF, one can assign different costs to the paths,
but that would break the nice symmetry of the network configuration
I considered.

--
Yar