From: Ermal Luçi
To: "Paul S."
Cc: freebsd-net
Date: Sun, 21 Sep 2014 12:26:42 +0200
Subject: Re: IP fast forwarding and setkey
List-Id: Networking and TCP/IP with FreeBSD

If it is an option for you, pfSense has all the hard work done for you and you can use it for such installations.

On Sun, Sep 21, 2014 at 12:08 PM, Paul S. wrote:

> Hi folks,
>
> I plan to make an edge router out of a FreeBSD system with OpenBGPD +
> FreeBSD 10, or such.
>
> I've been reading up, and noticed that the net.inet.ip.fastforwarding flag
> provides rather nice performance benefits.
>
> My issue is, my upstream networks insist on using TCP MD5 authentication
> on their BGP sessions.
>
> This is fine, except on FreeBSD -- I'm going to have to use the setkey
> utility to set those since native PF_KEY support for OpenBGPD does not seem
> available.
>
> Now, since setkey is part of IPSec, and there are countless warnings about
> using IPSec and fastforwarding together in the manpage, am I correct in
> assuming that this will not work if I have fastforwarding enabled?
>
> Is there any way to make it work? Quagga, from what I've read, seems to
> also be in the same boat (Usage of setkey required for TCP MD5).
>
> I tried searching the manpages, but couldn't locate anything concrete on
> this.
>
> Any assistance/replies are welcome.
>
> Thank you!

--
Ermal