Date: Fri, 10 Jun 2005 18:59:29 +0400 From: Yar Tikhiy <yar@comp.chem.msu.su> To: Greg Hennessy <Greg.Hennessy@nviz.net> Cc: freebsd-pf@freebsd.org Subject: Re: pfsync and asymmetric paths Message-ID: <20050610145929.GB65307@comp.chem.msu.su> In-Reply-To: <20050603130741.D427416@gw2.local.net> References: <20050603115843.GA15561@comp.chem.msu.su> <20050603130741.D427416@gw2.local.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Excuse me for a late reply, I missed your mail. On Fri, Jun 03, 2005 at 02:07:41PM +0100, Greg Hennessy wrote: > > > Is it by design? I'd like to make the asymmetric > > configuration functional if possible at all, but I've been > > unable to find any background information on the issue, such > > as mailing list discussions or whatever. > > Silly question, why are you not using CARP and using the virtual IP as the > egress/ingress next hop on both sides ? Alas, CARP is not applicable in every case, sometimes one have to run OSPF etc. And what I'd like to have functional looks like a simple yet reasonable generalization from just a set of interchangeable PF boxes to an actually distributed stateful packet filter that won't care about which of its nodes sees an IP packet. P.S. In OSPF, one can assign different costs to the paths, but that would break nice symmetry of the network configuration I considered. -- Yar
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050610145929.GB65307>