Hi folks,
I plan to make an edge router out of a freebsd system with OpenBGPD +
FreeBSD 10, or such.
I've been reading up, and noticed that the net.inet.ip.fastforwarding
flag provides rather nice performance benefits.
My issue is, my upstream networks insist on using TCP MD5 authentication
on their BGP sessions.
This is fine, except on FreeBSD -- I'm going to have to use the setkey
utility to set those since native PF_KEY support for OpenBGPD does not
seem available.
Now, since setkey is part of IPSec, and there are countless warnings
about using IPSec and fastforwarding together in the manpage, am I
correct in assuming that this will not work if I have fastforwarding
enabled?
Is there any way to make it work? Quagga, from what I've read, seems to
also be in the same boat (Usage of setkey required for TCP MD5).
I tried searching the manpages, but couldn't locate anything concrete on
this.
Any assistance/replies are welcome.
Thank you!
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
