[pve-devel] [PATCH pve-docs 1/1] add vxlan l3 routing
Alexandre DERUMIER
aderumier at odiso.com
Sat Aug 11 20:34:27 CEST 2018
>>rp_filter is essential for security. Why do we
>>need to turn this off?
For example, I had problem with live migration, and symmetric model , timeout of 30-60s.
https://github.com/FRRouting/frr/issues/2129
----- Mail original -----
De: "dietmar" <dietmar at proxmox.com>
À: "pve-devel" <pve-devel at pve.proxmox.com>, "aderumier" <aderumier at odiso.com>
Envoyé: Samedi 11 Août 2018 10:01:37
Objet: Re: [pve-devel] [PATCH pve-docs 1/1] add vxlan l3 routing
some questions about sysctl setup:
> +sysctl.conf tuning
> +
> +----
> +#enable routing
> +net.ipv4.ip_forward=1
> +net.ipv6.conf.all.forwarding=1
> +#disable reverse path filtering
> +net.ipv4.conf.default.rp_filter=0
> +net.ipv4.conf.all.rp_filter=0
rp_filter is essential for security. Why do we
need to turn this off?
> +#allow frr to work with vrf
> +net.ipv4.tcp_l3mdev_accept=1
> +----
More information about the pve-devel
mailing list