On Wed, 4 Sep 2013 15:19:07 +0200, Janne Johansson <[email protected]> wrote: > Our ospfd boxes didn't like having PF on during failovers, while having > ospf redundancy upwards and carp redundancy downwards, since PF normally > doesn't like when it can't see the whole flow. Perhaps doing sloppy-states > could have "fixed" it, perhaps no-state could have done it, but in the end, > we decided to use routers as routers and FWs as FWs. HW is cheap today. >
Yea thats what I thought from reading other peoples experiences with active-active etc. We will have BGP (v4 and v6) up stream, OSPFv4 up, OSPFv6 up and down, and CARP (v4 and v6) up and down.. (I.e, RFC1918 internally so v4 with NAT, but v6 fully routed). All this considered I think we should stick with active-backup. Andy > > > 2013/9/4 andy <[email protected]> > >> On Mon, 02 Sep 2013 09:56:46 -0400, John Jasen >> <[email protected]> >> wrote: >> > Please forgive the top posting. >> > >> > If you have enough systems, can you hit the performance goals with carp >> > and active load balancing? >> > >> >> I did think about that but these boxes will also be running OpenOSPFd and >> OpenBGPd (will be our WAN edge), and so to add active-active CARP load >> balancing could prove very problematic??? Anyone with any experience on >> BGP >> and OSPF with active-active? >> >> Cheers, andy. >> >> > >> > On 09/02/2013 09:53 AM, Andy wrote: >> >> If only you could 'buy' more time or make days longer.. ;) >> >> >> >> Because I know the OpenBSD developers are working hard on this and >> >> take >> >> it very seriously, we have decided that we are going to continue to >> >> use >> >> OpenBSD for these new 10G firewalls because the initial load is only >> >> going to be around 500-600kpps. We are currently getting ~450kpps >> >> using >> >> HP DL160's, and this hardware should be much more powerful than those. >> >> >> >> And I have faith ;) that by the time our load increases MP networking >> >> will be available. >> >> >> >> Also I'm very willing to beta test the new ALTQ code? I was chatting >> >> to >> >> Theo briefly a few weeks back and he said I should ask for the code >> >> but >> >> I cannot remember who in the team he said I should message for this? >> >> I'm not a coder but I'm happy to contribute as and where I can :) >> >> >> >> Andy. >> >> >> >> >> >> On Mon 02 Sep 2013 13:02:42 BST, Kenneth R Westerback wrote: >> >>> On Mon, Sep 02, 2013 at 01:41:58PM +0200, Denis Fondras wrote: >> >>>> Hi Mike, >> >>>> >> >>>> Le 02/09/2013 13:21, Mike Belopuhov a ?crit : >> >>>>> We are trying to address problems with MP networking right now, >> >>>>> but due to the lack of manpower the progress is slow. >> >>>>> >> >>>> >> >>>> What would you need to accelerate ? Developpers, testers, time, >> money, >> >>>> hardware, something else ? >> >>>> >> >>>> Denis >> >>> >> >>> All of the above. If you can provide time especially I'm sure Mike >> would >> >>> be very interested in having more of it. :-) >> >>> >> >>> .... Ken >> >> >> > >> > >> > -- >> > -- John Jasen ([email protected]) >> > -- No one will sorrow for me when I die, because those who would >> > -- are dead already. -- Lan Mandragoran, The Wheel of Time, New Spring
