SEO
vBulletin Search Engine Optimization
| |||||||
| Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
02-22-2008, 12:28 PM
| ||||
| ||||
 Re: PF State Expiration Model for Huge Amount of States > However, a bigger problem is that at least the OpenBSD 3.8 code can't > keep the backup firewall state table synchronized with the master > firewall because of this effect, even though CPU is 80% idle. The > biggest problems are the TCP connections for which the closing sync > updates are lost. They end up living long time in the backup firewall, > and should failover happen, they cause a lot of state-mismatch blocks > for new connections which are reusing the same TCP ports. I'm mostly thinking out loud here, but wouldn't it make sense to at least have an option to make new connections replace old ones in case of mismatches like that? Cedric      |
 |
« Re: PF State Expiration Model for Huge Amount of States
|
Re: PF State Expiration Model for Huge Amount of States »
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT. The time now is 05:37 PM.
