Date: Thu, 21 Mar 2013 14:59:03 +0100 From: Fleuriot Damien <ml@my.gd> To: =?iso-8859-1?Q?Ermal_Lu=E7i?= <eri@freebsd.org> Cc: freebsd-net <freebsd-net@freebsd.org> Subject: Re: Best way for an app to accept traffic on 30,000+ interfaces? Message-ID: <D6EED1FF-04FF-48F1-AB0D-6B27249053AA@my.gd> In-Reply-To: <CAPBZQG2JW=MA%2BymfWMV07PQshqC2G0zu5mhBe9wDT4bUnxbZfg@mail.gmail.com> References: <20130321005959.98706.qmail@f5-external.bushwire.net> <CAPBZQG2eZ3C68HaAPRUehBJ62L%2B87-LdLRrMRkzj=-09dHKrYA@mail.gmail.com> <96327F03-86EC-4EE6-9679-F66A960BDDB4@my.gd> <CAPBZQG2JW=MA%2BymfWMV07PQshqC2G0zu5mhBe9wDT4bUnxbZfg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mar 21, 2013, at 2:57 PM, Ermal Lu=E7i <eri@freebsd.org> wrote: >=20 >=20 >=20 > On Thu, Mar 21, 2013 at 2:54 PM, Fleuriot Damien <ml@my.gd> wrote: >=20 > On Mar 21, 2013, at 9:25 AM, Ermal Lu=E7i <eri@freebsd.org> wrote: >=20 > > On Thu, Mar 21, 2013 at 1:59 AM, Mark D = <markd-freebsd-net@bushwire.net>wrote: > > > >> (Hopefully this isn't too out-of-scope for this list..) > >> > >> I have an application in mind that I'd like to have accept/respond = to > >> UDP queries sent to perhaps 30K contiguous IP addresses (most = likely > >> IPV6 addresses because such ranges are easy to come by, but > >> conceptually ipv4 as well). > >> > >> This would all be on a small number of FBSD instances. > >> > >> Though it could be done, I don't really want to create 30K = interfaces > >> and have the application bind 30K sockets as it's not clear if that > >> will scale if I try an address range that expands to, say, 1M IPs > >> wide. > >> > >> This address range would be internet-facing and responding to = random > >> remote clients. > >> > >> My first thought is to use SOCK_RAW in much the same way that natd > >> does - at least to receive the traffic. > >> > >> Is that a sensible and viable approach or is there a better/easier > >> way? > >> > >> > >> Mark. > >> _______________________________________________ > >> freebsd-net@freebsd.org mailing list > >> http://lists.freebsd.org/mailman/listinfo/freebsd-net > >> To unsubscribe, send any mail to = "freebsd-net-unsubscribe@freebsd.org" > >> > > > > > > How about firing up one of the firewall/pfil(9) consumers like = (ipfw/pf) > > and adding rules to redirect traffic to a socket bound on loopback? > > > > -- > > Ermal >=20 >=20 > I fail to see how that's different from what I suggested with PF's rdr = rule ? >=20 > I never saw the e-mail in this thread!=20 Find below a copy of the text I posted : =3D=3D Use PF ? :p Rdr quick on $wan inet6 proto udp from any to 2001:1234::1/120 port = 12345 tag uwin -> ::1 Pass in quick on $wan inet6 proto udp tagged $uwin That's a bit dirty though, using PAT on ip6... =3D=3D Here you go. =46rom what I understand, that would be pretty similar to what you = suggested, aye ?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?D6EED1FF-04FF-48F1-AB0D-6B27249053AA>