After updating my primary firewall to current, the pfsync initial sync does not end.

Primary firewall is
 OpenBSD 5.5-current (GENERIC.MP) #0: Tue Apr  1 19:26:27 EEST 2014
with latest 5.5 errata applied,

Secondary firewall is a bit older, but I'm afraid to update it because this might be the only working one.
OpenBSD 5.5-beta (GENERIC.MP) #287: Fri Feb  7 11:45:09 MST 2014
t...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

# grep pfsync /var/log/messages
Apr  1 19:29:24 primary /bsd: carp: pfsync0 demoted group carp by 32 to 164 (pfsync init)
Apr  1 19:29:24 primary /bsd: carp: pfsync0 demoted group pfsync by 32 to 32 (pfsync init)
Apr  1 19:29:24 primary /bsd: carp: pfsync0 demoted group carp by 1 to 165 (pfsync bulk start)
Apr  1 19:29:24 primary /bsd: carp: pfsync0 demoted group pfsync by 1 to 33 (pfsync bulk start)
Apr  1 20:56:59 primary /bsd: carp: pfsync0 demoted group carp by -1 to 32 (pfsync bulk fail)
Apr  1 20:56:59 primary /bsd: carp: pfsync0 demoted group pfsync by -1 to 32 (pfsync bulk fail)
Apr  1 20:56:59 primary /bsd: carp: pfsync0 demoted group carp by -32 to 0 (pfsync init)
Apr  1 20:56:59 primary /bsd: carp: pfsync0 demoted group pfsync by -32 to 0 (pfsync init)
Apr  1 20:56:59 primary /bsd: pfsync: failed to receive bulk update

# pfctl -si
State Table                          Total             Rate
  current entries                   111638
  searches                       552324629        87851.9/s
  inserts                          2808797          446.8/s
  removals                         2697159          429.0/s

It does get states from the backup firewall, since it has almost the same number of entries (100K).


The logs on backup firewall say:
Apr  1 19:27:17 backup /bsd: carp: pfsync0 demoted group carp by 1 to 1 (pfsync link state down)
Apr  1 19:27:17 backup /bsd: carp: pfsync0 demoted group pfsync by 1 to 1 (pfsync link state down)
Apr  1 19:27:27 backup /bsd: carp: pfsync0 demoted group carp by -1 to 0 (pfsync bulk cancelled)
Apr  1 19:27:27 backup /bsd: carp: pfsync0 demoted group pfsync by -1 to 0 (pfsync bulk cancelled)
Apr  1 19:27:45 backup /bsd: carp: pfsync0 demoted group carp by -1 to 0 (pfsync bulk cancelled)
Apr  1 19:27:45 backup /bsd: carp: pfsync0 demoted group pfsync by -1 to 0 (pfsync bulk cancelled)
Apr  1 19:28:55 backup /bsd: carp: pfsync0 demoted group carp by -1 to 0 (pfsync bulk cancelled)
Apr  1 19:28:55 backup /bsd: carp: pfsync0 demoted group pfsync by -1 to 0 (pfsync bulk cancelled)
Apr  1 19:29:24 backup /bsd: carp: pfsync0 demoted group carp by -1 to 0 (pfsync bulk cancelled)
Apr  1 19:29:24 backup /bsd: carp: pfsync0 demoted group pfsync by -1 to 0 (pfsync bulk cancelled)
Apr  1 19:38:36 backup /bsd: carp: pfsync0 demoted group carp by -1 to 0 (pfsync link state up)
Apr  1 19:38:36 backup /bsd: carp: pfsync0 demoted group pfsync by -1 to 0 (pfsync link state up)

They are connected with a cross-over cable and they have set skip on that interface.
It has been working like this the last few years.

regards,

Giannis
