From: Stuart Henderson
Subject: Re: cache route at pf state
To: Alexander Bluhm, tech@openbsd.org
Date: Mon, 22 Jul 2024 10:28:29 +0100

On 2024/07/22 10:15, Claudio Jeker wrote:
> On Sun, Jul 21, 2024 at 11:41:21AM +0200, Alexander Bluhm wrote:
> >
> > Of course pf states have different timeouts than ARP or ND6. Or
> > are you more concerned about dynamic BGP routes that get referenced
> > by states?
>
> Both. In most cases BGP routers will probably avoid states since routing
> at that level is asymmetric.

Typically I use stateful rules on BGP routers for traffic to the router
itself, and stateless for forwarded traffic. (Some people may use
"sloppy" but I ran into problems with that).

As such the BGP sessions themselves are typically on stateful rules,
and in many cases this is to a loopback IP address distributed by OSPF
running across multiple WAN links - so if an old route is cached, there
will be problems if a WAN link goes down.