Date: Fri, 21 Mar 2008 09:47:08 -0600 From: Brett Glass <brett@lariat.net> To: net@freebsd.org Subject: GRE Mux Message-ID: <200803211547.JAA28265@lariat.net>
next in thread | raw e-mail | index | archive | help
Everyone: I have recently been building FreeBSD VPN servers which can accept 50 to 100 PPTP connections. PPTP is, essentially, PPP over GRE (with a TCP control connection), so we have large numbers of packets passing in and out using GRE. Unfortunately, GRE on FreeBSD doesn't currently have a multiplexing function as does TCP. If userland PPP and pptpd are used to handle the PPTP sessions, each GRE packet is passed to the first pptpd process. If the call ID doesn't match, it's passed to the next, and then the next, and so on. What's more, each test requires a "bounce" into and out of the kernel. mpd, which uses netgraph, does more of the work within the kernel, but the testing still takes place in linear time -- and the potential delay increases with the number of PPTP sessions that have been established. The packet is bounced from one netgraph node to another until one of them accepts it or the packet falls off the end of the chain. It seems to me that it might be worth it to implement a multiplexing function that dispatches the packet directly to the right process or netgraph node rather than passing it from hand to hand. Thoughts? --Brett Glass
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200803211547.JAA28265>