If for you is an option pfSense has all the hard work done for you and you can use it for such installations.
On Sun, Sep 21, 2014 at 12:08 PM, Paul S. <[email protected]> wrote: > Hi folks, > > I plan to make an edge router out of a freebsd system with OpenBGPD + > FreeBSD 10, or such. > > I've been reading up, and noticed that the net.inet.ip.fastforwarding flag > provides rather nice performance benefits. > > My issue is, my upstream networks insist on using TCP MD5 authentication > on their BGP sessions. > > This is fine, except on FreeBSD -- I'm going to have to use the setkey > utility to set those since native PF_KEY support for OpenBGPD does not seem > available. > > Now, since setkey is part of IPSec, and there are countless warnings about > using IPSec and fastforwarding together in the manpage, am I correct in > assuming that this will not work if I have fastforwarding enabled? > > Is there any way to make it work? Quagga, from what I've read, seems to > also be in the same boat (Usage of setkey required for TCP MD5). > > I tried searching the manpages, but couldn't locate anything concrete on > this. > > Any assistance/replies are welcome. > > Thank you! > _______________________________________________ > [email protected] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "[email protected]" > -- Ermal _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[email protected]"
