Date: Tue, 22 Oct 2019 05:38:11 +0000 From: k simon <moremore2@outlook.com> To: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org> Subject: How to disable tryforward ? Message-ID: <HK0PR03MB32026778B9D469798DBF9326EE680@HK0PR03MB3202.apcprd03.prod.outlook.com>
next in thread | raw e-mail | index | archive | help
Hi, Tryforwad have merged 3 yeas ago, and it haven¡¯t a sysctl to disable it , so ECMP was broken past 3 years. Olivier has fired a bug : https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=225792 , it seems that a few of people cares it. Andrey said maybe some ipsec policy can disable tryforward.( https://lists.freebsd.org/pipermail/freebsd-net/2017-February/047203.html. ) I have tried a lot configurations, but failed. Can someone point it out ? Thanks! Simon Ke 20191022 P.S. # uname -a FreeBSD host-router-a 11.2-STABLE FreeBSD 11.2-STABLE #1 r345567: Tue Apr 30 11:59:38 CST 2019 root@vm-router-n2:/usr/obj/usr/src/sys/ule-11-stable-r345567 amd64 # ospfd -v ospfd version 7.1 Copyright 1996-2005 Kunihiro Ishiguro, et al. configured with: ¡®--enable-user=frr' '--enable-group=frr' '--enable-vty-group=frrvty' '--disable-doc-html' '--sysconfdir=/usr/local/etc/frr' '--localstatedir=/var/run/frr' '--disable-nhrpd' '--disable-pimd' '--with-vtysh-pager=cat' '--disable-config-rollbacks' '--disable-datacenter' '--enable-fpm' '--disable-ldpd' '--enable-multipath=64' '--without-libpam' '--disable-rpki' '--disable-shell-access' '--disable-snmp' '--disable-tcmalloc' '--disable-tcp-zebra' '--enable-vtysh' '--prefix=/usr/local' '--mandir=/usr/local/man' '--disable-silent-rules' '--infodir=/usr/local/share/info/' '--build=amd64-portbld-freebsd12.0' 'build_alias=amd64-portbld-freebsd12.0' 'PKG_CONFIG=pkgconf' 'CC=cc' 'CFLAGS=-O2 -pipe -fstack-protector-strong -fno-strict-aliasing ' 'LDFLAGS= -L/usr/local/lib -L/usr/local/lib -fstack-protector-strong ' 'LIBS=' 'CPPFLAGS=-I/usr/local/include -I/usr/local/include' 'CPP=cpp' 'CXX=c++' 'CXXFLAGS=-O2 -pipe -fstack-protector-strong -fno-strict-aliasing ' # netstat -nrW |more Routing tables Internet: Destination Gateway Flags Use Mtu Netif Expire default 192.168.205.36 UG1 5385 1500 vlan256 default 192.168.205.38 UG1 0 1500 vlan256 # more /etc/ipsec.conf flush; spdflush; #spdadd 172.16.1.32/29 172.16.1.8/29 any -P out ipsec esp/tunnel/192.168.205.37-192.168.205.36/use; #spdadd 172.16.1.8/29 172.16.1.32/29 any -P in ipsec esp/tunnel/192.168.205.36-192.168.205.37/use; spdadd 0.0.0.0/0 0.0.0.0/0 any -P out ipsec esp/tunnel/192.168.205.37-192.168.205.36/use;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?HK0PR03MB32026778B9D469798DBF9326EE680>