Date: Sun, 21 Sep 2014 19:31:26 +0900
From: "Paul S." <contact@winterei.se>
To: Ermal Luçi <eri@freebsd.org>
Cc: freebsd-net <freebsd-net@freebsd.org>
Subject: Re: IP fast forwarding and setkey
Message-ID: <541EA8FE.5080905@winterei.se>
In-Reply-To: <CAPBZQG0gCAzmOqr36VZGV1GSaO_8eXdfPV5GqSzO4g4ju%2B6u2A@mail.gmail.com>
References: <541EA396.7050201@winterei.se> <CAPBZQG0gCAzmOqr36VZGV1GSaO_8eXdfPV5GqSzO4g4ju%2B6u2A@mail.gmail.com>

Ermal,

I'd prefer a raw BSD installation (Call it a comfort thing, if you will).

Has the pfSense project actually managed to patch OpenBGPD to remove its
dependency on OpenBSD-specific bindings for TCP_MD5?

It might be worth it to just try to build their fork, if that's the case.

Thank you for responding!

On 9/21/2014 07:26 PM, Ermal Luçi wrote:
> If it is an option for you, pfSense has all the hard work done for you and
> you can use it for such installations.
>
> On Sun, Sep 21, 2014 at 12:08 PM, Paul S. <contact@winterei.se> wrote:
>
> > Hi folks,
> >
> > I plan to make an edge router out of a FreeBSD system with
> > OpenBGPD + FreeBSD 10, or such.
> >
> > I've been reading up, and noticed that the
> > net.inet.ip.fastforwarding flag provides rather nice performance
> > benefits.
> >
> > My issue is, my upstream networks insist on using TCP MD5
> > authentication on their BGP sessions.
> >
> > This is fine, except on FreeBSD -- I'm going to have to use the
> > setkey utility to set those since native PF_KEY support for
> > OpenBGPD does not seem available.
> >
> > Now, since setkey is part of IPSec, and there are countless
> > warnings about using IPSec and fastforwarding together in the
> > manpage, am I correct in assuming that this will not work if I
> > have fastforwarding enabled?
> >
> > Is there any way to make it work? Quagga, from what I've read,
> > seems to also be in the same boat (Usage of setkey required for
> > TCP MD5).
> >
> > I tried searching the manpages, but couldn't locate anything
> > concrete on this.
> >
> > Any assistance/replies are welcome.
> >
> > Thank you!
> > _______________________________________________
> > freebsd-net@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-net
> > To unsubscribe, send any mail to
> > "freebsd-net-unsubscribe@freebsd.org"
>
> --
> Ermal