From owner-freebsd-net@FreeBSD.ORG Fri Sep 9 16:29:27 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4490D16A41F for ; Fri, 9 Sep 2005 16:29:27 +0000 (GMT) (envelope-from sam@errno.com) Received: from ebb.errno.com (ebb.errno.com [66.127.85.87]) by mx1.FreeBSD.org (Postfix) with ESMTP id C857943D48 for ; Fri, 9 Sep 2005 16:29:26 +0000 (GMT) (envelope-from sam@errno.com) Received: from [10.0.0.200] ([10.0.0.200]) (authenticated bits=0) by ebb.errno.com (8.12.9/8.12.6) with ESMTP id j89GTJ6j011461 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 9 Sep 2005 09:29:20 -0700 (PDT) (envelope-from sam@errno.com) Message-ID: <4321BA08.9060500@errno.com> Date: Fri, 09 Sep 2005 09:36:24 -0700 From: Sam Leffler User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050327) X-Accept-Language: en-us, en MIME-Version: 1.0 To: eculp@bafirst.com References: <20050908221115.038c3abd.lists@yazzy.org> <004701c5b4df$9207d260$1200a8c0@gsicomp.on.ca> <4320EDDF.6090303@errno.com> <20050909054110.08pqjx9bi884c0sg@mail.bafirst.com> In-Reply-To: <20050909054110.08pqjx9bi884c0sg@mail.bafirst.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org Subject: Re: net.inet.ip.forwarding and net.inet.ip.fastforwarding X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Sep 2005 16:29:27 -0000 eculp@bafirst.com wrote: > Quoting Sam Leffler : > >> Matt Emmerton wrote: >> >>>> Hi guys. >>>> >>>> What's the difference between net.inet.ip.forwarding and >>> >>> >>> net.inet.ip.fastforwarding ? >>> >>>> What's the role of net.inet.ip.fastforwarding ? >>> >>> >>> >>>> From inet(4): >>> >>> >>> IPCTL_FORWARDING (ip.forwarding) Boolean: enable/disable >>> forwarding >>> of IP packets. Defaults to off. >>> >>> IPCTL_FASTFORWARDING (ip.fastforwarding) Boolean: >>> enable/disable the >>> use >>> of fast IP forwarding code. Defaults to off. >>> When >>> fast forwarding is enabled, IP packets are >>> for- >>> warded directly to the appropriate network >>> inter- >>> face with a minimal validity checking, which >>> greatly improves the throughput. On the >>> other >>> hand, they bypass the standard procedures, >>> such >>> as >>> IP option processing and ipfirewall(4) >>> checking. >>> It is not guaranteed that every packet >>> will be >>> fast-forwarded. >>> >> >> This quote is out of date; on current fastforwarding is purely an >> optimization path--if the packet requires features not supported by >> the fast path then it's processed normally. > > > Maybe I should have another ristreto before asking this, but based on > what I understand from this thread and speaking of current 7.0: > > a. I would set both in sysctl.conf > net.inet.ip.forwarding=1 > net.inet.ip.fastforwarding=1 > b. There would be no "down side" in current 7.0 > > Is this more or less correct? If so, will this posibly be the case in > the 6.0 release also or only in current? 6.0 and 7.x share the same code so the settings are identical. As to downside you pay a penalty if the fastforwarding code has to hand the packet back to the "slow path". There may also be side effects from the run-to-completion model it uses. You should test to decide if the feature is worth enabling for your environment. I'm not sure it's had much testing (Andre?). Sam