Date: Wed, 24 May 2006 12:13:13 +0300 (EEST) From: Dmitry Pryanishnikov <dmitry@atlantis.dp.ua> To: freebsd-net@freebsd.org Subject: IP fastforwarding in RELENG_4 and CURRENT/RELENG_6 Message-ID: <20060524114116.B43295@atlantis.atlantis.dp.ua>
next in thread | raw e-mail | index | archive | help
Hello! What is the current status of the fast IP forwarding in RELENG_4 and in modern versions (CURRENT/RELENG_6)? I see that this code (either ip_flow.* in RELENG_4 or ip_fastfwd.c in RELENG_6) is always included into kernel (no separate option for it), but is disabled by default. What are drawbacks from enabling it (pure-IPv4 environment, heavy use of ipfw+divert+dummynet, occasionally use of IPSEC)? I haven't found any documentation for this option besides comments in ip_fastfwd.c, and those comments rose several questions: * Else if something is not pure IPv4 unicast forwarding we fall back to * the normal ip_input processing path. We should only be called from ----------------------------------------^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * interfaces connected to the outside world. ---^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ How to achieve this aim? I see no fastforwarding-specific options in ifconfig. * IPSEC is not supported if this host is a tunnel broker. IPSEC is * supported for connections to/from local host. Is it true for FAST_IPSEC? Am I understand 'tunnel broker' correctly: it's the host that wraps other host's traffic into the ESP using IPSEC tunnel mode? How about IPSEC transport mode? And the main question: does this description stands for ip_flow implementation in RELENG_4? If not, what are the differences? Sincerely, Dmitry -- Atlantis ISP, System Administrator e-mail: dmitry@atlantis.dp.ua nic-hdl: LYNX-RIPE
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060524114116.B43295>