Re: IP fast forwarding and setkey

2014-09-21 Thread Jim Thompson
> On Sep 21, 2014, at 10:41, Olivier Cochard-Labbé wrote: > >> On Sun, Sep 21, 2014 at 12:08 PM, Paul S. wrote: >> >> Hi folks, >> >> I plan to make an edge router out of a freebsd system with OpenBGPD + >> FreeBSD 10, or such. >> >> I've been reading up, and noticed that the net.inet.ip.fa

Re: IP fast forwarding and setkey

2014-09-21 Thread Olivier Cochard-Labbé
On Sun, Sep 21, 2014 at 12:08 PM, Paul S. wrote: > Hi folks, > > I plan to make an edge router out of a freebsd system with OpenBGPD + > FreeBSD 10, or such. > > I've been reading up, and noticed that the net.inet.ip.fastforwarding flag > provides rather nice performance benefits. > > My issue is

[Solved] Re: IP fast forwarding and setkey

2014-09-21 Thread Paul S.
So, just to notify -- I got a copy of the pfsense port of OpenBGPD (available from the pfsense-tools repository -- see https://forum.pfsense.org/index.php?topic=76132.0) and TCP-MD5 indeed does work in the build. Configuring local-address per peer is mandatory, however. I think it uses that t

Re: IP fast forwarding and setkey

2014-09-21 Thread Paul S.
Interesting. Would you happen to know where I could obtain sources to their version of OpenBGPD, then? Thanks! On 9/21/2014 午後 07:35, Ermal Luçi wrote: On Sun, Sep 21, 2014 at 12:31 PM, Paul S. > wrote: Ermal, I'd prefer a raw BSD installation (Call i

Re: IP fast forwarding and setkey

2014-09-21 Thread Ermal Luçi
On Sun, Sep 21, 2014 at 12:31 PM, Paul S. wrote: > Ermal, > > I'd prefer a raw BSD installation (Call it a comfort thing, if you will). > > Has the pfSense project actually managed to patch OpenBGPD to remove its > dependency on OpenBSD specific bindings for TCP_MD5? > > It might be worth it to

Re: IP fast forwarding and setkey

2014-09-21 Thread Paul S.
Ermal, I'd prefer a raw BSD installation (Call it a comfort thing, if you will). Has the pfSense project actually managed to patch OpenBGPD to remove its dependency on OpenBSD specific bindings for TCP_MD5? It might be worth it to just try to build their fork, if that's the case. Thank you f

Re: IP fast forwarding and setkey

2014-09-21 Thread Ermal Luçi
If for you is an option pfSense has all the hard work done for you and you can use it for such installations. On Sun, Sep 21, 2014 at 12:08 PM, Paul S. wrote: > Hi folks, > > I plan to make an edge router out of a freebsd system with OpenBGPD + > FreeBSD 10, or such. > > I've been reading up, an

IP fast forwarding and setkey

2014-09-21 Thread Paul S.
Hi folks, I plan to make an edge router out of a freebsd system with OpenBGPD + FreeBSD 10, or such. I've been reading up, and noticed that the net.inet.ip.fastforwarding flag provides rather nice performance benefits. My issue is, my upstream networks insist on using TCP MD5 authentication