IP fastforwarding in RELENG_4 and CURRENT/RELENG_6 (fwd)



Hello!

Sorry for reposting my questions again, I hope they are interesting not
only for me...

What is the current status of the fast IP forwarding in RELENG_4 and in
modern versions (CURRENT/RELENG_6)? I see that this code (either ip_flow.*
in RELENG_4 or ip_fastfwd.c in RELENG_6) is always included into kernel
(no separate option for it), but is disabled by default. What are drawbacks
from enabling it (pure-IPv4 environment, heavy use of ipfw+divert+dummynet,
occasionally use of IPSEC)? I haven't found any documentation for this
option besides comments in ip_fastfwd.c, and those comments rose several
questions:

* Else if something is not pure IPv4 unicast forwarding we fall back to
* the normal ip_input processing path. We should only be called from
----------------------------------------^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* interfaces connected to the outside world.
---^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

How to achieve this aim? I see no fastforwarding-specific options in
ifconfig.

* IPSEC is not supported if this host is a tunnel broker. IPSEC is
* supported for connections to/from local host.

Is it true for FAST_IPSEC? Am I understand 'tunnel broker' correctly:
it's the host that wraps other host's traffic into the ESP using
IPSEC tunnel mode? How about IPSEC transport mode?

And the main question: does this description stands for ip_flow implementation
in RELENG_4? If not, what are the differences?

Sincerely, Dmitry
--
Atlantis ISP, System Administrator
e-mail: dmitry@xxxxxxxxxxxxxx
nic-hdl: LYNX-RIPE
_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"

Relevant Pages