Browse Source

nhrpd: add few tested kernels, improve readme notes

Timo Teräs 2 years ago
parent
commit
5178613d64
2 changed files with 16 additions and 11 deletions
  1. 6 4
      nhrpd/README.kernel
  2. 10 7
      nhrpd/README.nhrpd

+ 6 - 4
nhrpd/README.kernel

@@ -1,13 +1,15 @@
-KERNEL REQUIREMENTS
-===================
+LINUX KERNEL REQUIREMENTS
+=========================
 
 The linux kernel has had various major regressions, performance
 issues and subtle bugs (especially in pmtu). Here is a short list
-of some -stable kernels and the first point release that is supposedly
-working well with opennhrp/dmvpn:
+of some -stable kernels that have been tested (at least briefly)
+and seem to be working well with Quagga/NHRP:
   3.12.8 or later
   3.14.54 or later
   3.18.22 or later[1]
+  4.4.52 or later
+  4.9.30 or later
 
 [1] But you need to apply the following two backported commits:
     3cdaa5be9e ipv4: Don't increase PMTU with Datagram Too Big message

+ 10 - 7
nhrpd/README.nhrpd

@@ -9,17 +9,18 @@ Cisco DMVPN (and potentially with FlexVPN in the future).
 Current Status
 --------------
 
+Implemented:
 - IPsec integration with strongSwan (requires patched strongSwan)
 - IPv4 over IPv4 NBMA GRE
 - IPv6 over IPv4 NBMA GRE -- majority of code exist; but is not tested
-- Spoke (NHC) functionality complete
-- Hub (NHS) functionality complete
-- Multicast support is not done yet
-  (so OSPF will not work, use BGP for now)
+- Spoke (NHC) functionality
+- Hub (NHS) functionality
 
-The code is not (yet) compatible with Cisco FlexVPN style DMVPN. It
-would require relaying IKEv2 routing messages from strongSwan to nhrpd
-and parsing that. It is doable, but not implemented for the time being.
+Not yet implemented:
+- NHRP Authentication
+- NHRP Groups
+- Multicast support (OSPF will not work)
+- Full Cisco FlexVPN compatibility (IKEv2 routing)
 
 
 Routing Design
@@ -32,6 +33,7 @@ To create NBMA GRE tunnel you might use following:
 	ip tunnel add gre1 mode gre key 42 ttl 64 dev eth0
 	ip addr add 10.255.255.2/32 dev gre1
 	ip link set gre1 up
+	sysctl net.ipv4.ip_forward_use_pmtu=1 #for kernels>=3.14
 
 This has two important differences compared to opennhrp setup:
  1. The 'tunnel add' now specifies physical device binding. Quagga/NHRP
@@ -114,6 +116,7 @@ Getting information via vtysh
 
 Some commands of interest:
  - show dmvpn
+ - show ip nhrp nhs
  - show ip nhrp cache
  - show ip nhrp shortcut
  - show ip route nhrp