* Thomas Bader <[EMAIL PROTECTED]> [2006-06-14 09:02]:
> In one case the fail-over does not work well: If the
> BGP-peering on r0a to the upstream goes down all traffic
> will be routed from r0a via $pfsync_if to r0b and to the
> upstream from there on. SSH and browsing through web pages
> with HTTP works that way. But downloads with HTTP or FTP do
> not work.
> 
> As long as traffic gets routed from LAN via r0a to r0b every
> large download just stalls after a few kbytes. With tcpdump
> I found out that the first few kbytes make it through and
> afterwards ICMP host-unreachable messages will be generated.

this, btw, is likely because of tcp window scaling, and one of the 
machines not seeing all packets for that tcp connection, thus not 
scaling the window, thus dropping packets because of sequence numbers 
seemingly out of the window. pfsync cannot keep up fast enough - it's 
not made for that (it is "best effort" anyway), and I doubt it can be 
made to deal with a situation like this properly without significant 
drawbacks.

-- 
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
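
The window-scaling effect described in the reply above, as an added example that is not part of the original post and is not pf's code. It is a simplified model of a stateful sequence-window check; the class and function names, the MSS, the window value and the scale factor are all constructed assumptions, and sequence wraparound is ignored.

```python
# Simplified model of a stateful firewall's TCP sequence-window check.
# All values are constructed for illustration; this is not pf's code.
from dataclasses import dataclass

MSS = 1448  # assumed segment payload size


@dataclass
class StateTracker:
    wscale: int       # receiver's window shift from its SYN; 0 if the handshake was never seen
    ack: int = 0      # highest ACK number seen from the receiver
    raw_win: int = 0  # 16-bit window field from the receiver's last ACK

    def see_ack(self, ack: int, raw_win: int) -> None:
        if ack >= self.ack:
            self.ack, self.raw_win = ack, raw_win

    def passes(self, seq: int, length: int) -> bool:
        # A segment must end inside the window the tracker believes was advertised.
        return seq + length <= self.ack + (self.raw_win << self.wscale)


def bytes_passed(tracker_wscale: int, receiver_wscale: int = 2,
                 raw_win: int = 5792, burst_segments: int = 16) -> int:
    """Sender fills the receiver's real window in one burst.

    Returns how many bytes the tracker lets through.
    """
    fw = StateTracker(wscale=tracker_wscale)
    fw.see_ack(ack=0, raw_win=raw_win)
    real_window = raw_win << receiver_wscale  # what the endpoints actually agreed on
    passed = 0
    for i in range(burst_segments):
        seq = i * MSS
        if seq + MSS > real_window:
            break  # the sender itself never exceeds the real window
        if fw.passes(seq, MSS):
            passed += MSS
    return passed


if __name__ == "__main__":
    print("tracker that saw the handshake passes:", bytes_passed(2), "bytes")
    print("tracker that missed the scale factor passes:", bytes_passed(0), "bytes")
```

In this model, the tracker that never learned the scale factor passes only the first few kilobytes of the burst and rejects the rest as out of window, even though both endpoints are behaving correctly.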
