Henning, with all respect(!), I'd cut you off with this "home NATing". My home is far more simple than need of active-active CARP (IT IS NOT as of writing).
With all respect to ALL devs working and pushing new code upstream, we still have MP-problems. For sure, I'm not the one to fix this - I take the simpler approach to donate my hw and test time. But there are bugs to be FIXED

//mxb

On 4 jul 2013, at 20:07, Henning Brauer <lists-open...@bsws.de> wrote:

> * mxb <m...@alumni.chalmers.se> [2013-07-03 17:33]:
>> States ARE synced.
>> IPs are not the same on node1 and node2 for external. The you
>> initiated connection to ftp.fr, you done it via node1 with its external
>> IP. On node2 those packets will be DROPPED as those do not belong to
>> external NIC on node2 (IP)
>
> again, WRONG.
>
> you are caught in your tiny little NATing home firewall scenario. and
> since the OP said BGP, NAT isn't all that likely there.
>
> surprise, surprise: OpenBSD and pf are capable of, good for and
> actually used (a lot!) for MUCH more, including way bigger setups.
> Including many that I manage or have helped with, besides the
> 99.999....% I've never seen or heard of.
>
> --
> Henning Brauer, h...@bsws.de, henn...@openbsd.org
> BS Web Services, http://bsws.de, Full-Service ISP
> Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
> Henning Brauer Consulting, http://henningbrauer.com/