From: Julian Elischer
Date: Fri, 21 Mar 2008 11:40:48 -0700
To: Brett Glass
Cc: net@freebsd.org
Subject: Re: GRE Mux
Message-ID: <47E40130.1000901@elischer.org>
In-Reply-To: <200803211547.JAA28265@lariat.net>

Brett Glass wrote:
> Everyone:
>
> I have recently been building FreeBSD VPN servers which can accept 50 to
> 100 PPTP connections. PPTP is, essentially, PPP over GRE (with a TCP
> control connection), so we have large numbers of packets passing in and
> out using GRE. Unfortunately, GRE on FreeBSD doesn't currently have a
> multiplexing function as does TCP.
> If userland PPP and pptpd are used to
> handle the PPTP sessions, each GRE packet is passed to the first pptpd
> process. If the call ID doesn't match, it's passed to the next, and then
> the next, and so on. What's more, each test requires a "bounce" into and
> out of the kernel. mpd, which uses netgraph, does more of the work
> within the kernel, but the testing still takes place in linear time --
> and the potential delay increases with the number of PPTP sessions that
> have been established. The packet is bounced from one netgraph node to
> another until one of them accepts it or the packet falls off the end of
> the chain.
>
> It seems to me that it might be worth it to implement a multiplexing
> function that dispatches the packet directly to the right process or
> netgraph node rather than passing it from hand to hand. Thoughts?

If it takes you more than 1 day to write a netgraph function to do it
you are taking too many coffee breaks.
mpd could probably do it automatically as it already does a lot of
netgraph munging.

>
> --Brett Glass
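
The direct dispatch proposed in the quoted message, sketched as an added example that is not part of the original thread and is not pptpd, mpd or netgraph code. It assumes the enhanced GRE header layout of RFC 2637 and a server that hands out call IDs unique across its sessions; `struct session`, `session_register` and `gre_dispatch` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define GRE_PROTO_PPP 0x880B  /* enhanced GRE protocol type (RFC 2637) */

/* Hypothetical session handle standing in for a pptpd process or netgraph hook. */
struct session { int id; };

/* One slot per possible 16-bit call ID: lookup cost is independent of session count. */
static struct session *by_call_id[65536];

/* Validate the enhanced GRE header; return 0 and store the call ID, or -1. */
int gre_call_id(const uint8_t *p, size_t len, uint16_t *call_id)
{
    size_t hdr = 8;
    if (len < hdr) return -1;
    if (p[0] & 0xC0) return -1;                /* C and R bits must be zero */
    if (!(p[0] & 0x20)) return -1;             /* K bit: key carries length + call ID */
    if ((p[1] & 0x07) != 1) return -1;         /* version 1 = enhanced GRE */
    if (((p[2] << 8) | p[3]) != GRE_PROTO_PPP) return -1;
    if (p[0] & 0x10) hdr += 4;                 /* S bit: sequence number present */
    if (p[1] & 0x80) hdr += 4;                 /* A bit: acknowledgment number present */
    if (len < hdr) return -1;
    if ((size_t)((p[4] << 8) | p[5]) > len - hdr) return -1;  /* payload length overruns buffer */
    *call_id = (uint16_t)((p[6] << 8) | p[7]);
    return 0;
}

void session_register(uint16_t call_id, struct session *s) { by_call_id[call_id] = s; }

/* Constant-time dispatch: NULL means drop (malformed packet or unknown call). */
struct session *gre_dispatch(const uint8_t *p, size_t len)
{
    uint16_t cid;
    return gre_call_id(p, len, &cid) == 0 ? by_call_id[cid] : NULL;
}

int main(void)
{
    /* Constructed sample: K+S set, A set, version 1, 2-byte payload, call ID 0x1234. */
    const uint8_t pkt[] = { 0x30, 0x81, 0x88, 0x0B, 0x00, 0x02, 0x12, 0x34,
                            0, 0, 0, 1, 0, 0, 0, 1, 0xFF, 0x03 };
    struct session s = { 7 };
    session_register(0x1234, &s);
    struct session *hit = gre_dispatch(pkt, sizeof pkt);
    printf("dispatched to session %d\n", hit ? hit->id : -1);
    return 0;
}
```

Because the header is validated before the table is indexed, truncated packets and plain (version 0) GRE are dropped instead of being handed from session to session.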