SUMMARY: 2 default routes and vpn

From: bsd unix <>
Date: Tue Feb 25 2003 - 10:48:54 EST
I got no replies with other ideas.  I tried Casper's ipfilter trick
and it works -- packets route through the correct cards now.

Alas, the combination of the IPsec tunnel and ipfilter are now causing
kernel stack overflows, even with lwp_default_stksize set to 0x8000.

Additionally, Sunsolve has conflicting information on what it should
be set to:  infodoc 20151 says "increasing stack sizes above 16k is a 
wholesale waste of memory" yet infodoc 40722 recommends increasing 
"the value to the next higher setting...If it is currently 16k, make 
it 24k."

Based on the description of rpcmod:svc_run_stksize it would seem to have
no impact on this setup, but I will try adding that anyway.

Thanks to Casper Dik for having posted his ipfilter trick.

----- Original Message -----
From: "bsd unix" <>
Date: Sat, 22 Feb 2003 19:41:49 -0500 
Subject: 2 default routes and vpn

> I have a system which has 2 default routes and is one end of a vpn.  
> Snoop shows that sometimes the system sends packets with the source 
> address of one card out the other.  There is one network per card and 
> one default route per card.
> What I am reading suggests that Solaris is using round-robin when 
> sending the packets out.  However, this causes some vpn packets to go 
> out the wrong interface, and thus the vpn has intermittent outages.  
> I saw a SUMMARY where Casper gave an example of using ipfilter to 
> force routing of the right network traffic out of the right card, but 
> was hoping there would be some kernel parameter or tweak to do this 
> natively.
> Apparently ip_strict_dst_multihoming is of no help because that only 
> works on inbound connections.
> Thanks in advance for any help or pointers.

Sign-up for your own FREE Personalized E-mail at
sunmanagers mailing list
Received on Tue Feb 25 10:59:41 2003

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:03 EST