From: Brett Glass
Date: Fri, 21 Mar 2008 09:47:08 -0600
To: net@freebsd.org
Subject: GRE Mux
Message-Id: <200803211547.JAA28265@lariat.net>

Everyone:

I have recently been building FreeBSD VPN servers which can accept 50 to 100 PPTP connections. PPTP is, essentially, PPP over GRE (with a TCP control connection), so we have large numbers of packets passing in and out using GRE.

Unfortunately, GRE on FreeBSD doesn't currently have a multiplexing function as does TCP. If userland PPP and pptpd are used to handle the PPTP sessions, each GRE packet is passed to the first pptpd process. If the call ID doesn't match, it's passed to the next, and then the next, and so on. What's more, each test requires a "bounce" into and out of the kernel.

mpd, which uses netgraph, does more of the work within the kernel, but the testing still takes place in linear time -- and the potential delay increases with the number of PPTP sessions that have been established. The packet is bounced from one netgraph node to another until one of them accepts it or the packet falls off the end of the chain.

It seems to me that it might be worth it to implement a multiplexing function that dispatches the packet directly to the right process or netgraph node rather than passing it from hand to hand.

Thoughts?

--Brett Glass
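
An added example, not part of the original message and not FreeBSD, pptpd or mpd code: a sketch of the kind of multiplexer the message proposes, which validates the PPTP enhanced GRE header (layout per RFC 2637) and dispatches on the call ID with a single table lookup instead of walking a chain. The names `struct session`, `mux_register`, `mux_unregister` and `mux_dispatch`, and the sample packet, are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define GRE_K         0x20    /* byte 0: key present (mandatory in PPTP) */
#define GRE_S         0x10    /* byte 0: sequence number present */
#define GRE_A         0x80    /* byte 1: acknowledgment number present */
#define GRE_PROTO_PPP 0x880B  /* protocol type used by PPTP's enhanced GRE */

struct session { int id; };   /* hypothetical per-session state */

/* One slot per 16-bit call ID, so lookup cost is independent of session count.
 * Assumption: keyed on call ID only; a real mux would also match the peer address. */
static struct session *by_call_id[65536];

void mux_register(uint16_t call_id, struct session *s) { by_call_id[call_id] = s; }
void mux_unregister(uint16_t call_id) { by_call_id[call_id] = NULL; }

/* buf points at the GRE header (outer IP header already removed).
 * Returns the owning session, or NULL for a malformed packet or unknown call ID. */
struct session *mux_dispatch(const uint8_t *buf, size_t len)
{
    size_t hdr = 8;                                    /* fixed part of the header */

    if (len < hdr) return NULL;
    if ((buf[0] & 0xEF) != GRE_K) return NULL;         /* K set; C, R, s, Recur clear */
    if ((buf[1] & 0x7F) != 1) return NULL;             /* flags zero, version 1 */
    if (((buf[2] << 8) | buf[3]) != GRE_PROTO_PPP) return NULL;

    size_t payload_len = ((size_t)buf[4] << 8) | buf[5];
    uint16_t call_id = (uint16_t)((buf[6] << 8) | buf[7]);

    if (buf[0] & GRE_S) hdr += 4;                      /* optional sequence number */
    if (buf[1] & GRE_A) hdr += 4;                      /* optional acknowledgment number */
    if (len < hdr || len - hdr < payload_len) return NULL;  /* truncated packet */

    return by_call_id[call_id];                        /* direct dispatch, no chain walk */
}

/* Constructed sample: S and A set, version 1, payload length 2, call ID 42. */
static const uint8_t sample_pkt[] = {
    0x30, 0x81, 0x88, 0x0B, 0x00, 0x02, 0x00, 0x2A,   /* fixed header */
    0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,   /* sequence, acknowledgment */
    0xFF, 0x03                                         /* two payload bytes */
};
static struct session sample_session = { 42 };

int main(void)
{
    mux_register(42, &sample_session);
    return mux_dispatch(sample_pkt, sizeof sample_pkt) == &sample_session ? 0 : 1;
}
```

Because the header arrives from the network, the length and flag checks run before the call ID is used as an index, and a packet for an unregistered call ID is dropped in one step rather than after every session has rejected it.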