Date: Tue, 24 Dec 2024 00:34:45 -0300 From: Santiago Martinez <sm@codenetworks.net> To: Paul Vixie <paul@redbarn.org> Cc: freebsd-net@freebsd.org Subject: Re: per-FIB socket binding Message-ID: <28EF197D-0D10-449A-A3C5-8B931F31CA6C@codenetworks.net> In-Reply-To: <7772475.EvYhyI6sBW@dhcp-151.access.rits.tisf.net>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] Hi, here’s another user of fibs. Each of our servers have multiple fibs and jails with fibs. I like the proposed. Santi > On 23 Dec 2024, at 16:46, Paul Vixie <paul@redbarn.org> wrote: > > > On Monday, December 23, 2024 7:23:35 PM UTC Bjoern A. Zeeb wrote: > > On Sat, 21 Dec 2024, Bjoern A. Zeeb wrote: > > >> Any thoughts/comments? > > > > > > That all said with your opt-in approach if the code itself doesn't bring > > > too many new complications I'd be happy with it (assuming FIBs still > > > have a use case). > > > > Seems there's plenty people using multi-FIB in various scenarios still, > > which is good to know. > > > > Go for it. > > i've been thinking along these lines for a few years now, since my vm server is multi-fib. each interface has a fib, mostly zero. for incoming TCP SYNs, i'd like to carry that fib# into the resulting PCB so that that fib's routing table and especially its default route will be used for that connection. yes, i can do that with ipfw, and am in fact doing so now. however, that's crocky. i think defaulting to the interface FIB for connections created and maintained by the kernel should always happen -- not opt-in, not opt-out, just always. is it worth me sending a patch that does this or would it be considered controversial? > > (making this happen for UDP is also interesting but is a separate matter since those servers already have to maintain socket-per-interface in order to get their source addresses to match the client's destination address.) > > -- > Paul Vixie [-- Attachment #2 --] <html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div dir="ltr"></div><div dir="ltr">Hi, </div><div dir="ltr">here’s another user of fibs. Each of our servers have multiple fibs and jails with fibs. </div><div dir="ltr">I like the proposed.</div><div dir="ltr">Santi </div><div dir="ltr"><br></div><div dir="ltr"><br><blockquote type="cite">On 23 Dec 2024, at 16:46, Paul Vixie <paul@redbarn.org> wrote:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr"> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;"><span style="font-size:0.83em;">On Monday, December 23, 2024 7:23:35 PM UTC Bjoern A. Zeeb wrote:</span></p> <p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">> On Sat, 21 Dec 2024, Bjoern A. Zeeb wrote:</p> <p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">> >> Any thoughts/comments?</p> <p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">> > </p> <p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">> > That all said with your opt-in approach if the code itself doesn't bring</p> <p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">> > too many new complications I'd be happy with it (assuming FIBs still</p> <p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">> > have a use case).</p> <p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">> </p> <p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">> Seems there's plenty people using multi-FIB in various scenarios still,</p> <p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">> which is good to know.</p> <p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">> </p> <p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">> Go for it.</p> <br><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">i've been thinking along these lines for a few years now, since my vm server is multi-fib. each interface has a fib, mostly zero. for incoming TCP SYNs, i'd like to carry that fib# into the resulting PCB so that that fib's routing table and especially its default route will be used for that connection. yes, i can do that with ipfw, and am in fact doing so now. however, that's crocky. i think defaulting to the interface FIB for connections created and maintained by the kernel should always happen -- not opt-in, not opt-out, just always. is it worth me sending a patch that does this or would it be considered controversial?</p> <br><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">(making this happen for UDP is also interesting but is a separate matter since those servers already have to maintain socket-per-interface in order to get their source addresses to match the client's destination address.)</p> <br><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">-- </p> <p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">Paul Vixie</p> </div></blockquote></body></html>home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?28EF197D-0D10-449A-A3C5-8B931F31CA6C>