[strongSwan] process_route = no

Stig Thormodsrud stig at ubnt.com
Tue Nov 10 22:50:52 CET 2015

I'm in the process of upgrading our routers from strongswan 4.5.2 to
5.2.2.  One of our alpha testers noticed that while bgp was injecting
a full route table (~540k routes) that charon maxed out the cpu.  I
found that if I change charon.conf process_route = no then the problem
goes away.  However I'm left wondering what functionality have I lost
by not processing routes?  I tried several site-to-site examples, peer, vti, etc. and so far they all seem to work with
process_route = no.

So for a router that may have thousands of routes is there a better
way to configure strongswan such that charon doesn't chew up all the
cpu cycles.

