Re: Stack virtualization (was: running out of mbufs?)

From: Andre Oppermann (andre_at_freebsd.org)
Date: 08/10/05

  • Next message: Christian Kratzer: "Re: Stack virtualization (was: running out of mbufs?)"
    Date: Wed, 10 Aug 2005 13:16:11 +0200
    To: Jeremie Le Hen <jeremie@le-hen.org>
    
    

    Jeremie Le Hen wrote:
    >
    > > I haven't fully explored all applications and possible tie-ins with
    > > jails, virtual stacks etc. but it looks very interesting.
    > >
    > > For example I want to have multiple routing tables within the same
    > > stack. These routing tables can be opaque or fall-through and match
    > > on the source and destination address (not at the same time though).
    > > This way we get ultimate routing flexibility in using FreeBSD as
    > > router. An incoming packet on interface em0 with group priority
    > > would first match into routing table X, and if no match fall-through
    > > to the default routing table. Or you could create a source matching
    > > routing table Y sending matching packets further to table Z for
    > > low priority routing.
    >
    > What you are saying clearly reminds me of the way Linux does it.
    > Basically they have about 256 routing tables available, one of them
    > being the default one (254 IIRC). Once you have filled those you
    > want to use, you can assign a routing table to each packet with what
    > they simply call "rules". The routing criteria are classical, such as
    > "from", "to", "tos", "iif" (incoming interface)...
    > (See the manpage [1] for more information, the IPRoute2 framework is
    > quite powerful.)
    >
    > One of the most powerful criteria it provides is "fwmark" which allows
    > matching against a mark stamped on the skbuff (their mbuf) by the
    > firewall. This leads to the ability to route packets based on the
    > whole capabilities of the firewall framework (NetFilter in this case) :
    > TCP/UDP ports, ICMP types, and so on...

    This is mostly the direction I'll go. However any packet classification
    other than on IP addresses is to be done by a packet filter (ipfw, pf,
    ipfilter).

    > This might appear a little bit hackish to networking guys, especially
    > those ones that are working on backbone routers, but this flexibility
    > is almost nothing to add (pf already has the ability to tag packets,
    > IIRC) and it doesn't constrain the design at all, IMHO. FYI, this has
    > already been discussed in this subthread [2].

    The biggest problem for more complex IP routing setups is wrapping one's
    head around the endless possibilities. The very concept of longest-
    prefix match on a hop by hop basis is difficult to grasp for too many
    people unfortunately. I have things in (very large) enterprise environments
    you wouldn't believe...

    -- 
    Andre
    > I have to say that I was quite impressed by Linux networking
    > capabilities (this was in the 2.4 days), and that's why I would really
    > like to see FreeBSD be able to do this.
    > 
    > > It's hard to describe this textually to its full extent.  That's why
    > > my upcoming paper will have mostly graphics depicting the packet flow
    > > and the processing options.
    > 
    > I'm in haste to read your paper.
    > 
    > [1] http://www.manpage.org/cgi-bin/man/man2html?8+ip
    > [2] http://lists.freebsd.org/pipermail/freebsd-net/2005-June/007743.html
    > 
    > Regards,
    > --
    > Jeremie Le Hen
    > < jeremie at le-hen dot org >< ttz at chchile dot org >
    _______________________________________________
    freebsd-net@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-net
    To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
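
Added example (not part of the original thread, and not FreeBSD or Linux code): a toy C model of the lookup discussed above, where a packet starts in a selected table, longest-prefix match picks the most specific route, and a miss either falls through to the next table or stops if the table is opaque. The struct layout, table names and next-hop numbers are assumptions made for illustration, and the model is narrowed to destination-address matching.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model; all names are assumptions, not FreeBSD or Linux code. */
#define IP(a, b, c, d) ((uint32_t)(a) << 24 | (b) << 16 | (c) << 8 | (d))
#define NO_ROUTE (-1)
struct route { uint32_t prefix; int len; int nexthop; };
struct table {
    const struct route *routes; size_t n;
    int opaque;               /* 1: a miss is final, 0: fall through to next */
    const struct table *next; /* table consulted after a miss */
};

static uint32_t mask(int len) { return len ? ~(uint32_t)0 << (32 - len) : 0; }
/* Longest-prefix match inside one table: the most specific entry wins. */
static int lpm(const struct table *t, uint32_t dst) {
    int best = -1, hop = NO_ROUTE;
    for (size_t i = 0; i < t->n; i++) {
        const struct route *r = &t->routes[i];
        if ((dst & mask(r->len)) == r->prefix && r->len > best) {
            best = r->len;
            hop = r->nexthop;
        }
    }
    return hop;
}

/* Start at the table chosen for the packet and follow the chain on a miss. */
int route_lookup(const struct table *t, uint32_t dst) {
    for (; t != NULL; t = t->next) {
        int hop = lpm(t, dst);
        if (hop != NO_ROUTE) return hop;
        if (t->opaque) break; /* opaque table: never consult later tables */
    }
    return NO_ROUTE;
}

/* Constructed sample tables; next-hop numbers are arbitrary labels. */
static const struct route def_r[] = { {IP(0,0,0,0), 0, 1}, {IP(10,0,0,0), 8, 2} };
static const struct route x_r[] = { {IP(10,1,0,0), 16, 3} };
static const struct route y_r[] = { {IP(192,0,2,0), 24, 4} };
const struct table DEFAULT_T = { def_r, 2, 1, NULL };
const struct table TABLE_X = { x_r, 1, 0, &DEFAULT_T }; /* fall-through */
const struct table TABLE_Y = { y_r, 1, 1, &DEFAULT_T }; /* opaque */
int main(void) {
    printf("%d\n", route_lookup(&TABLE_X, IP(10, 9, 9, 9))); /* prints 2 */
    return 0;
}
```

The opaque flag is what keeps a miss in a restricted table from silently leaking to the default route, which is the property to check when such a table is used to isolate traffic.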
    
