[163109] in North American Network Operators' Group


Re: High throughput bgp links using gentoo + stripped kernel

daemon@ATHENA.MIT.EDU (Andre Tomt)
Sun May 19 21:01:40 2013

Date: Mon, 20 May 2013 03:01:25 +0200
From: Andre Tomt <andre-nanog@tomt.net>
To: Ben <ben@meh.net.nz>
In-Reply-To: <20130519232314.GA2519@pearl.meh.net.nz>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Minor nitpicking, I know...

On 20. mai 2013 01:23, Ben wrote:
> With Linux you have to disable reverse path filtering, screw around with iptables
> to do bypass on stateful filtering.

You don't have to "screw around" with iptables. The kernel won't load the
conntrack modules/code unless you actually try to load stateful
rulesets*. rp filtering on by default I'd also argue is the better
default setting, for the 99% of other use cases :-P

With quagga I would tend to agree - but like you I have not used it in ages
and things do change for the better over time -- occasionally.

* you CAN configure your kernel to always load it, but that is silly.
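
A way to check both points from this message on a given Linux router, as an added example that is not part of the original post: it reports the reverse path filtering mode each interface actually gets (the kernel applies the higher of the `all` and per-interface values) and whether connection tracking is present. The function names and the `ROOT` argument (empty for the live `/proc`, or a directory holding a copy of it) are assumptions of this example.

```shell
#!/bin/sh
# Added example: per-interface rp_filter mode and conntrack presence.
# ROOT is a hypothetical parameter: "" reads the live /proc, a directory
# path reads a copy of the tree (handy for offline testing).

# Kernel rule (ip-sysctl documentation): the value applied to an interface
# is the maximum of conf/all/rp_filter and conf/<iface>/rp_filter.
effective_rp_filter() {
    if [ "$1" -gt "$2" ]; then echo "$1"; else echo "$2"; fi
}

rp_mode_name() {
    case "$1" in
        0) echo off ;;
        1) echo strict ;;
        2) echo loose ;;
        *) echo unknown ;;
    esac
}

# Succeeds when connection tracking is present: listed as a loaded module,
# or (built in or loaded) exposing its nf_conntrack_count sysctl.
conntrack_present() {
    root="$1"
    grep -q '^nf_conntrack ' "$root/proc/modules" 2>/dev/null && return 0
    [ -e "$root/proc/sys/net/netfilter/nf_conntrack_count" ]
}

router_audit() {
    root="$1"
    conf="$root/proc/sys/net/ipv4/conf"
    all=$(cat "$conf/all/rp_filter")
    for dir in "$conf"/*/; do
        iface=$(basename "$dir")
        case "$iface" in all|default) continue ;; esac
        eff=$(effective_rp_filter "$all" "$(cat "$dir/rp_filter")")
        echo "$iface rp_filter=$eff ($(rp_mode_name "$eff"))"
    done
    if conntrack_present "$root"; then
        echo "conntrack present"
    else
        echo "conntrack absent"
    fi
}

# Audit the live system only when invoked with the argument "live".
if [ "${1:-}" = "live" ]; then router_audit ""; fi
```

On a router with asymmetric paths, an interface showing `strict` here will drop return traffic that arrives on a different link than the one the routing table would use to reach the source, and `conntrack present` means stateful tracking is in the forwarding path.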



