Bill Marquette wrote:
> Hrm, load balancing?  Any particular reason?  Even a pretty low end
> box with a crypto accelerator should be able to handle IPSec over
> wireless.

There's an intro to "the rest of the story". This particular system has to be able to support 800+ concurrent clients, each with 20Kbps nominal bandwidth and 20% spikes to 300Kbps. :-D Two huge boxes won't cut it, especially when the load scales out well past 1000. Hence load balancing.

Yes (CARP specifically, pfsync can be mitigated although we don't have
the point-to-point code enabled, I'd recommend a dedicated interface
anyway).

So CARP by design (and uncontrollably so) sends its management packets out the interface it's balancing. Seems counter-intuitive to me; it's just multicast, so I would think you should be able to direct it wherever need be. At least I've got pfsync on a dedicated NIC.


RB
