Denis Fondras [open...@ledeuns.net] wrote:
> Hello,
>
> I used OpenBSD as a PE router on my network. The router is connected to an
> IX, a transit and multiple peers with OpenBGPd.
>
> Earlier this week, I enabled pflow(4) to track traffic usage.
> Unfortunately enabling pf(4) on an edge router does not seem like a good idea.
> Some peers called in to say they noticed multiple problems (ranging from what
> seems to be an MTU problem to cuts in lengthy TCP sessions); deactivating pf(4)
> instantaneously fixed the problem on their side, reactivating pf(4) and the
> problems are back.
>
> I tried to push up the state table (I reached 300k states), to no avail.
>
> Do you know what are the "right settings" to have pflow(4) enabled on a PE
> router?

Pflow requires pf to be enabled to create states; otherwise there is nothing to export.

You could use a different flow generator tool (there is at least one in ports) that will watch the traffic over bpf and generate flow data.

You might try "set state-defaults pflow, sloppy". Also, in some scenarios you might need "set state-policy floating".

If "sloppy" fixes it, there may be some bugs to hunt.