is pfsync losing data on reboot?

Harald Dunkel-5
Hi folks,

I have a question about pfsync protocol in a master-backup firewall
configuration (OpenBSD 6.3 and 6.4):

If I reboot (let's say) the backup host, will it receive the whole
set of state information again, when it gets back online?

Hopefully I am not too blind to see, but pfsync(4) doesn't tell.


Every helpful comment is highly appreciated.
Harri

Re: is pfsync losing data on reboot?

Janne Johansson-3
On Fri, 1 Feb 2019 at 07:17, Harald Dunkel <[hidden email]> wrote:

> Hi folks,
> I have a question about pfsync protocol in a master-backup firewall
> configuration (OpenBSD 6.3 and 6.4):
> If I reboot (let's say) the backup host, will it receive the whole
> set of state information again, when it gets back online?
> Hopefully I am not too blind to see, but pfsync(4) doesn't tell.
>

Yes, it will get a full dump since it has zero pre-existing knowledge of
the current situation regarding states.

I think carp will delay itself until the sync is done, so it will not try
to take over even if it has lower advskew than the other, until the sync is
complete.

--
May the most significant bit of your life be positive.

Re: is pfsync losing data on reboot?

Sebastian Benoit
Janne Johansson([hidden email]) on 2019.02.01 12:49:53 +0100:

> On Fri, 1 Feb 2019 at 07:17, Harald Dunkel <[hidden email]> wrote:
>
> > Hi folks,
> > I have a question about pfsync protocol in a master-backup firewall
> > configuration (OpenBSD 6.3 and 6.4):
> > If I reboot (let's say) the backup host, will it receive the whole
> > set of state information again, when it gets back online?
> > Hopefully I am not too blind to see, but pfsync(4) doesn't tell.
> >
>
> Yes, it will get a full dump since it has zero pre-existing knowledge of
> the current situation regarding states.
>
> I think carp will delay itself until the sync is done, so it will not try
> to take over even if it has lower advskew than the other, until the sync is
> complete.

depending on the setting of sysctl net.inet.carp.log,
carp(4) will log what it (and pfsync) does.

Re: is pfsync losing data on reboot?

Harald Dunkel-3
Hi folks,

On 2/1/19 1:00 PM, Sebastian Benoit wrote:

> Janne Johansson([hidden email]) on 2019.02.01 12:49:53 +0100:
>>
>> Yes, it will get a full dump since it has zero pre-existing knowledge of
>> the current situation regarding states.
>>
>> I think carp will delay itself until the sync is done, so it will not try
>> to take over even if it has lower advskew than the other, until the sync is
>> complete.
>
> depending on the setting of sysctl net.inet.carp.log,
> carp(4) will log what it (and pfsync) does.
>

I highly appreciate your response.

Regards
Harri