Our ospfd boxes didn't like having PF on during failovers, while having ospf redundancy upwards and carp redundancy downwards, since PF normally doesn't like when it can't see the whole flow. Perhaps doing sloppy-states could have "fixed" it, perhaps no-state could have done it, but in the end, we decided to use routers as routers and FWs as FWs. HW is cheap today.
2013/9/4 andy <a...@brandwatch.com> > On Mon, 02 Sep 2013 09:56:46 -0400, John Jasen <jja...@realityfailure.org> > wrote: > > Please forgive the top posting. > > > > If you have enough systems, can you hit the performance goals with carp > > and active load balancing? > > > > I did think about that but these boxes will also be running OpenOSPFd and > OpenBGPd (will be our WAN edge), and so to add active-active CARP load > balancing could prove very problematic??? Anyone with any experience on BGP > and OSPF with active-active? > > Cheers, andy. > > > > > On 09/02/2013 09:53 AM, Andy wrote: > >> If only you could 'buy' more time or make days longer.. ;) > >> > >> Because I know the OpenBSD developers are working hard on this and take > >> it very seriously, we have decided that we are going to continue to use > >> OpenBSD for these new 10G firewalls because the initial load is only > >> going to be around 500-600kpps. We are currently getting ~450kpps using > >> HP DL160's, and this hardware should be much more powerful than those. > >> > >> And I have faith ;) that by the time our load increases MP networking > >> will be available. > >> > >> Also I'm very willing to beta test the new ALTQ code? I was chatting to > >> Theo briefly a few weeks back and he said I should ask for the code but > >> I cannot remember who in the team he said I should message for this? > >> I'm not a coder but I'm happy to contribute as and where I can :) > >> > >> Andy. > >> > >> > >> On Mon 02 Sep 2013 13:02:42 BST, Kenneth R Westerback wrote: > >>> On Mon, Sep 02, 2013 at 01:41:58PM +0200, Denis Fondras wrote: > >>>> Hi Mike, > >>>> > >>>> Le 02/09/2013 13:21, Mike Belopuhov a ?crit : > >>>>> We are trying to address problems with MP networking right now, > >>>>> but due to the lack of manpower the progress is slow. > >>>>> > >>>> > >>>> What would you need to accelerate ? Developpers, testers, time, > money, > >>>> hardware, something else ? > >>>> > >>>> Denis > >>> > >>> All of the above. If you can provide time especially I'm sure Mike > would > >>> be very interested in having more of it. :-) > >>> > >>> .... Ken > >> > > > > > > -- > > -- John Jasen (jja...@realityfailure.org) > > -- No one will sorrow for me when I die, because those who would > > -- are dead already. -- Lan Mandragoran, The Wheel of Time, New Spring > > -- May the most significant bit of your life be positive.
