[quagga-dev 16612] Re: nhrpd / shortcut tunnel not built up

Timo Teras timo.teras at iki.fi
Tue May 9 05:26:40 BST 2017


Hi,

On Mon, 8 May 2017 23:08:41 +0200
Patrick Oeschger <patrick.oeschger at bluewin.ch> wrote:

> I have one DMVPN hub plus two Spokes.
> Traffic between hub and spokes is working well but shortcut tunnels 
> (spoke2spoke) do not build up.
> Maybe not a bug but my very own stupidity (aka. config issue)
> Anyone ready to give a hint?

There is an additional step to enable hub functionality.
For documentation see:
http://git.savannah.gnu.org/cgit/quagga.git/tree/nhrpd/README.nhrpd#n85

The iptables rule is a requirement currently. It would be nice if nhrpd
could automatically configure kernel for this. Unfortunately hashlimit
like functionality cannot be done of PF_PACKET socket filters AFAIK.
But it is needed to not keep nhrpd scalable when shortcuts don't form
for some reason.

And at least for now, I prefer not to automatically adjust firewall
rules from nhrpd.

Cheers,
Timo


More information about the Quagga-dev mailing list