From: bsd unix (bsdunix@mail.com)
Date: Tue Feb 25 2003 - 10:47:52 EST
I got no replies with other ideas. I tried Casper's ipfilter trick
and it works -- packets route through the correct cards now.
Alas, the combination of the IPsec tunnel and ipfilter are now causing
kernel stack overflows, even with lwp_default_stksize set to 0x8000.
Additionally, Sunsolve has conflicting information on what it should
be set to: infodoc 20151 says "increasing stack sizes above 16k is a
wholesale waste of memory" yet infodoc 40722 recommends increasing
"the value to the next higher setting...If it is currently 16k, make
it 24k."
Based on the description of rpcmod:svc_run_stksize it would seem to have
no impact on this setup, but I will try adding that anyway.
Thanks to Casper Dik for having posted his ipfilter trick.
----- Original Message -----
From: "bsd unix" <bsdunix@mail.com>
Date: Sat, 22 Feb 2003 19:41:49 -0500
To: sunmanagers@sunmanagers.org
Subject: 2 default routes and vpn
> I have a system which has 2 default routes and is one end of a vpn.
> Snoop shows that sometimes the system sends packets with the source
> address of one card out the other. There is one network per card and
> one default route per card.
>
> What I am reading suggests that Solaris is using round-robin when
> sending the packets out. However, this causes some vpn packets to go
> out the wrong interface, and thus the vpn has intermittent outages.
> I saw a SUMMARY where Casper gave an example of using ipfilter to
> force routing of the right network traffic out of the right card, but
> was hoping there would be some kernel parameter or tweak to do this
> natively.
>
> Apparently ip_strict_dst_multihoming is of no help because that only
> works on inbound connections.
>
> Thanks in advance for any help or pointers.
-- __________________________________________________________ Sign-up for your own FREE Personalized E-mail at Mail.com http://www.mail.com/?sr=signup _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:25:53 EDT