Hi List,
I just updated two carp/pfsync firewalls from 7.3 to 7.4. After updating the second box I see a massive increase in traffic on the sync interface. I now reproduced this with another pair of firewalls - same thing.
Both firewalls have three physical interfaces: external, internal and sync. The sync interfaces are connected directly via Ethernet cable. The sync interface has an IP address.
Configuration of hostname.pfsync0:
syncdev em2
up
The way I updated these boxes, let's call them primary and secondary:
1. update secondary to 7.4, including the change in hostname.pfsync0
2. change hostname.carp0 to promote to master - reboot
3. secondary is now master
4. update primary to 7.4
=> traffic on syncif increases
I tried so far - without any improvements:
- reboot both machines one after another
- promote primary again
- ifconfig pfsync0 down; pfctl -F states; ifconfig pfsync0 up
I think they might see some kind of loop updating the states between each other. Could someone point me to how I could diagnose further?
Kind Regards,
Christian