On 2021-06-06, Patrick Dohman wrote:
> Perhaps it has something to do with Citrix being a dinosaur.
> God forbid the powers that be choose on premise unix.
> Regards
> Patrick
Your message doesn't appear to relate in any way to the message to which you're
replying.
>> On Jun 4, 2021, at 6:43
Perhaps it has something to do with Citrix being a dinosaur.
God forbid the powers that be choose on premise unix.
Regards
Patrick
> On Jun 4, 2021, at 6:43 AM, Stuart Henderson wrote:
>
> On 2021/06/03 15:04, Chris Cappuccio wrote:
>> Stuart Henderson [s...@spacehopper.org] wrote:
>>>
>>> Oh
On 2021/06/03 15:04, Chris Cappuccio wrote:
> Stuart Henderson [s...@spacehopper.org] wrote:
> >
> > Oh watch out with sloppy. Keep an eye on your state table size.
>
> Really? Wouldn't sloppy keep the state table smaller if anything since it's
> tracking less specifically?
>
> Anyways I use
Stuart Henderson [s...@spacehopper.org] wrote:
>
> Oh watch out with sloppy. Keep an eye on your state table size.
Really? Wouldn't sloppy keep the state table smaller if anything since it's
tracking less specifically?
Anyways I use sloppy across four boxes that run in parallel with pfsync.
I suspect that you’ll be out of luck until TLSv1.3 is implemented.
I’ve found the same to be true with the new 10 gb sfp switches in our
infrastructure which surprisingly still implement TLSv1.0 & broken CGI web
server.
Regards
Patrick
> On Jun 1, 2021, at 3:44 PM, Stuart Henderson wrote:
>
On 2021-05-30, Denis Fondras wrote:
> Le Fri, May 28, 2021 at 03:30:58PM -0700, Chris Cappuccio a écrit :
>> You might try "set state-defaults pflow, sloppy", also in some scenarios you
>> might need "set state-policy floating"
>>
>> If "sloppy" fixes it, there may be some bugs to hunt.
>>
>
>
Denis Fondras [open...@ledeuns.net] wrote:
>
> "sloppy" seems to fix the issue. I will do more tests this week before
> declaring
> victory :)
>
If that really works, then there could be a problem with PF sequence number
tracking. Can you develop a specific sequence of events to reproduce the
> "sloppy" seems to fix the issue. I will do more tests this week before
> declaring
> victory :)
>
> Thank you Chris.
>
Get somme ;)
Regards
Patrick
Le Fri, May 28, 2021 at 03:30:58PM -0700, Chris Cappuccio a écrit :
> You might try "set state-defaults pflow, sloppy", also in some scenarios you
> might need "set state-policy floating"
>
> If "sloppy" fixes it, there may be some bugs to hunt.
>
"sloppy" seems to fix the issue. I will do more
> problems are back.
>
> I tried to push up the state table (I reached 300k states), to no avail.
>
> Do you know what are the "right settings" to have pflow(4) enabled on PE
> router
> ?
Pflow requires pf to be enabled to create states otherwise there is
Here are some more infos :
>- does running pf(4) without pflow(4) cause issue?
Yes, the issue is linked to pf(4) being enabled.
>- can you confirm you were running with pf(4) disabled prior to enabling
> pflow(4)?
I do confirm. I never enable pf(4) on edge routers, it bit in the past
Hello,
I used OpenBSD as a PE router on my network. The router is connected to an IX, a
transit and multiple peers with OpenBGPd.
Earlier this week, I enabled pflow(4) to track traffic usage.
Unfortunately enabling pf(4) on a edge router does not seems like a good idea.
Some peers called in to
12 matches
Mail list logo
