How to disable tryforward?

k simon moremore2 at outlook.com
Tue Oct 22 05:38:19 UTC 2019


Hi,
Tryforward was merged 3 years ago, and it doesn't have a sysctl to disable it, so ECMP has been broken for the past 3 years. Olivier has filed a bug: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=225792, it seems that a few people care about it.
Andrey said maybe some ipsec policy can disable tryforward (https://lists.freebsd.org/pipermail/freebsd-net/2017-February/047203.html). I have tried a lot of configurations, but failed. Can someone point it out?
Thanks!

Simon Ke
20191022



P.S.
# uname -a
FreeBSD host-router-a 11.2-STABLE FreeBSD 11.2-STABLE #1 r345567: Tue Apr 30 11:59:38 CST 2019     root at vm-router-n2:/usr/obj/usr/src/sys/ule-11-stable-r345567  amd64

# ospfd -v
ospfd version 7.1
Copyright 1996-2005 Kunihiro Ishiguro, et al.
configured with:
‘--enable-user=frr' '--enable-group=frr' '--enable-vty-group=frrvty' '--disable-doc-html' '--sysconfdir=/usr/local/etc/frr' '--localstatedir=/var/run/frr' '--disable-nhrpd' '--disable-pimd' '--with-vtysh-pager=cat' '--disable-config-rollbacks' '--disable-datacenter' '--enable-fpm' '--disable-ldpd' '--enable-multipath=64' '--without-libpam' '--disable-rpki' '--disable-shell-access' '--disable-snmp' '--disable-tcmalloc' '--disable-tcp-zebra' '--enable-vtysh' '--prefix=/usr/local' '--mandir=/usr/local/man' '--disable-silent-rules' '--infodir=/usr/local/share/info/' '--build=amd64-portbld-freebsd12.0' 'build_alias=amd64-portbld-freebsd12.0' 'PKG_CONFIG=pkgconf' 'CC=cc' 'CFLAGS=-O2 -pipe -fstack-protector-strong -fno-strict-aliasing ' 'LDFLAGS= -L/usr/local/lib -L/usr/local/lib -fstack-protector-strong ' 'LIBS=' 'CPPFLAGS=-I/usr/local/include -I/usr/local/include' 'CPP=cpp' 'CXX=c++' 'CXXFLAGS=-O2 -pipe -fstack-protector-strong -fno-strict-aliasing '


# netstat -nrW |more
Routing tables

Internet:
Destination        Gateway            Flags       Use    Mtu      Netif Expire
default            192.168.205.36     UG1        5385   1500    vlan256
default            192.168.205.38     UG1           0   1500    vlan256


# more /etc/ipsec.conf
flush;
spdflush;
#spdadd 172.16.1.32/29 172.16.1.8/29 any -P out ipsec esp/tunnel/192.168.205.37-192.168.205.36/use;
#spdadd 172.16.1.8/29 172.16.1.32/29 any -P in  ipsec esp/tunnel/192.168.205.36-192.168.205.37/use;

spdadd 0.0.0.0/0 0.0.0.0/0 any -P out ipsec esp/tunnel/192.168.205.37-192.168.205.36/use;

