From owner-freebsd-net@FreeBSD.ORG Fri Sep 9 16:49:50 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A5A4016A41F for ; Fri, 9 Sep 2005 16:49:50 +0000 (GMT) (envelope-from andre@freebsd.org) Received: from c00l3r.networx.ch (c00l3r.networx.ch [62.48.2.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id DE34143D48 for ; Fri, 9 Sep 2005 16:49:49 +0000 (GMT) (envelope-from andre@freebsd.org) Received: (qmail 93133 invoked from network); 9 Sep 2005 16:25:57 -0000 Received: from unknown (HELO freebsd.org) ([62.48.0.53]) (envelope-sender ) by c00l3r.networx.ch (qmail-ldap-1.03) with SMTP for ; 9 Sep 2005 16:25:57 -0000 Message-ID: <4321BD3D.66417FA6@freebsd.org> Date: Fri, 09 Sep 2005 18:50:05 +0200 From: Andre Oppermann X-Mailer: Mozilla 4.8 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Sam Leffler References: <20050908221115.038c3abd.lists@yazzy.org> <004701c5b4df$9207d260$1200a8c0@gsicomp.on.ca> <4320EDDF.6090303@errno.com> <20050909054110.08pqjx9bi884c0sg@mail.bafirst.com> <4321BA08.9060500@errno.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org Subject: Re: net.inet.ip.forwarding and net.inet.ip.fastforwarding X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Sep 2005 16:49:50 -0000 Sam Leffler wrote: > > eculp@bafirst.com wrote: > > Quoting Sam Leffler : > > > >> Matt Emmerton wrote: > >> > >>>> Hi guys. > >>>> > >>>> What's the difference between net.inet.ip.forwarding and > >>> > >>> > >>> net.inet.ip.fastforwarding ? > >>> > >>>> What's the role of net.inet.ip.fastforwarding ? > >>> > >>> > >>> > >>>> From inet(4): > >>> > >>> > >>> IPCTL_FORWARDING (ip.forwarding) Boolean: enable/disable > >>> forwarding > >>> of IP packets. Defaults to off. > >>> > >>> IPCTL_FASTFORWARDING (ip.fastforwarding) Boolean: > >>> enable/disable the > >>> use > >>> of fast IP forwarding code. Defaults to off. > >>> When > >>> fast forwarding is enabled, IP packets are > >>> for- > >>> warded directly to the appropriate network > >>> inter- > >>> face with a minimal validity checking, which > >>> greatly improves the throughput. On the > >>> other > >>> hand, they bypass the standard procedures, > >>> such > >>> as > >>> IP option processing and ipfirewall(4) > >>> checking. > >>> It is not guaranteed that every packet > >>> will be > >>> fast-forwarded. > >>> > >> > >> This quote is out of date; on current fastforwarding is purely an > >> optimization path--if the packet requires features not supported by > >> the fast path then it's processed normally. > > > > > > Maybe I should have another ristreto before asking this, but based on > > what I understand from this thread and speaking of current 7.0: > > > > a. I would set both in sysctl.conf > > net.inet.ip.forwarding=1 > > net.inet.ip.fastforwarding=1 > > b. There would be no "down side" in current 7.0 > > > > Is this more or less correct? If so, will this posibly be the case in > > the 6.0 release also or only in current? > > 6.0 and 7.x share the same code so the settings are identical. As to > downside you pay a penalty if the fastforwarding code has to hand the > packet back to the "slow path". There may also be side effects from the > run-to-completion model it uses. You should test to decide if the > feature is worth enabling for your environment. I'm not sure it's had > much testing (Andre?). When activated on a router it gives a very nice speed boost. Process completion pays off very well here. It has got a lot of testing at various ISP's on their production routers. For hosts it doesn't really hurt but is totally pointless. -- Andre