[strongSwan] process_route = no
Stig Thormodsrud
stig at ubnt.com
Tue Nov 10 22:38:44 CET 2015
I'm in the process of upgrading our routers from strongswan 4.5.2 to
5.2.2. One of our alpha testers noticed that while bgp was injecting
a full route table (~540k routes) that charon maxed out the cpu. I
found that if I change charon.conf process_route = no then the problem
goes away. However I'm left wondering what functionality have I lost
by not processing routes? I tried several site-to-site examples,
0.0.0.0 peer, vti, etc. and so far they all seem to work with
process_route = no.
So for a router that may have thousands of routes is there a better
way to configure strongswan such that charon doesn't chew up all the
cpu cycles.
More information about the Users
mailing list