From owner-freebsd-net@FreeBSD.ORG Sun Sep 20 14:40:03 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 53EF1106566B for ; Sun, 20 Sep 2009 14:40:03 +0000 (UTC) (envelope-from Brian.Jacobs@lodgenet.com) Received: from garbo.lodgenet.com (garbo.lodgenet.com [204.124.121.250]) by mx1.freebsd.org (Postfix) with ESMTP id 140FF8FC0A for ; Sun, 20 Sep 2009 14:40:02 +0000 (UTC) Received: from hardy.lodgenet.com (hardy.lodgenet.com [10.16.101.109]) by garbo.lodgenet.com (8.12.11.20060308/8.12.11) with ESMTP id n8KEe2sm020040 for ; Sun, 20 Sep 2009 09:40:02 -0500 Received: from sfcoex03.lodgenet.com (Not Verified[10.16.100.166]) by hardy.lodgenet.com with MailMarshal (v6, 4, 1, 5038) id ; Sun, 20 Sep 2009 09:40:02 -0500 Received: from host.lodgenet.com ([10.1.1.129]) by host.lodgenet.com with Microsoft SMTPSVC(6.0.3790.3959); Sun, 20 Sep 2009 09:31:18 -0500 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Sun, 20 Sep 2009 10:31:18 -0400 Message-ID: <126E45722B459248997856ECB72DEB7701286109@host.lodgenet.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Large scale GRE Thread-Index: Aco5/wKGf6KMnltGQve6mUYHRavM0w== From: "Jacobs, Brian" To: X-OriginalArrivalTime: 20 Sep 2009 14:31:18.0853 (UTC) FILETIME=[0481A750:01CA39FF] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Large scale GRE X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 Sep 2009 14:40:03 -0000 As promised, I'm dropping an on-list update of our GRE migration project. We're running just under 1,000 GRE interfaces (with ipsec inside) with no problems on a dualproc/quadcore xeon 2.8 under 7.2-REL (can't sup to anything later as someone broke the Compaq RAID driver). We're only pushing about 15mb/s through the tunnels at peak, no drops or errors that I've seen. We do notice that ESP SA's for IKE tunnels don't establish as expected (the farend network routes never "appear" like they do in OpenBSD isakmpd, nor is the kernel grabbing the packets to send down the IKE tunnel (though the OBSD/FBSD and farend configs are identical), but I'm not done quadruple-checking to see if there's some functional difference I've missed. If anyone has any morsels of wisdom, feel free to drop me a line. =20 Cheers! =20 /b