redundancy: carp

in most cases, when a router fails or is taken offline, routing will find a replacement path
exception: default gateways in front of servers or clients
OpenBSD solution: carp(4) - Common Address Redundancy Protocol
failover between two machines, the address on the carp interface is taken over by the backup machine
no downtime

with pfsync(4) you keep the two machines pf states in sync