Date: Thu, 21 Mar 2013 09:07:54 -0400
From: Michael MacLeod <mikemacleod@gmail.com>
To: Ermal Luçi <eri@freebsd.org>
Cc: freebsd-net <freebsd-net@freebsd.org>
Subject: Re: Best way for an app to accept traffic on 30,000+ interfaces?
Message-ID: <CAM-FeoH0Qs1HF9gv6XQM21xDCNsMQhnmN5KoED8U9kdWsYW=LA@mail.gmail.com>
In-Reply-To: <CAPBZQG2eZ3C68HaAPRUehBJ62L%2B87-LdLRrMRkzj=-09dHKrYA@mail.gmail.com>
References: <20130321005959.98706.qmail@f5-external.bushwire.net> <CAPBZQG2eZ3C68HaAPRUehBJ62L%2B87-LdLRrMRkzj=-09dHKrYA@mail.gmail.com>

Ermal is probably on the right track.

Working in a load balanced environment I've personally done three contiguous /20 blocks using three loopback interfaces on Linux hosts. I'd imagine that FreeBSD should behave similarly. The only fancy thing the load balancer did was that, for packets destined for one of the VIPs, it would forward the packet to one of the Linux hosts at layer 2, but wouldn't touch the layer 3 headers at all, preserving that information. The host would see the VIP address, and respond from it, because it existed on the loopback interface.

It worked well - you'll have to recreate similar behaviour in your network. We did entire groups of contiguous /64 blocks in IPv6 in the same way.

On Thu, Mar 21, 2013 at 4:25 AM, Ermal Luçi <eri@freebsd.org> wrote:

> On Thu, Mar 21, 2013 at 1:59 AM, Mark D <markd-freebsd-net@bushwire.net> wrote:
>
>> (Hopefully this isn't too out-of-scope for this list..)
>>
>> I have an application in mind that I'd like to have accept/respond to
>> UDP queries sent to perhaps 30K contiguous IP addresses (most likely
>> IPV6 addresses because such ranges are easy to come by, but
>> conceptually ipv4 as well).
>>
>> This would all be on a small number of FBSD instances.
>>
>> Though it could be done, I don't really want to create 30K interfaces
>> and have the application bind 30K sockets as it's not clear if that
>> will scale if I try an address range that expands to, say, 1M IPs
>> wide.
>>
>> This address range would be internet-facing and responding to random
>> remote clients.
>>
>> My first thought is to use SOCK_RAW in much the same way that natd
>> does - at least to receive the traffic.
>>
>> Is that a sensible and viable approach or is there a better/easier
>> way?
>>
>>
>> Mark.
>> _______________________________________________
>> freebsd-net@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-net
>> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>>
>
> How about firing up one of the firewall/pfil(9) consumers like (ipfw/pf)
> and adding rules to redirect traffic to a socket bound on loopback?
>
> --
> Ermal
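
An added example, not part of this thread or of anyone's code in it: on a Linux host like the ones Michael describes, a single wildcard UDP socket can learn which local address each query was sent to and reply from that same address by using `IP_PKTINFO` (FreeBSD offers `IP_RECVDSTADDR` and `IP_SENDSRCADDR` for the same purpose). The function names are hypothetical, and 127.0.0.0/8 on `lo` stands in for a VIP range configured on loopback.

```python
import socket
import struct
# Linux struct in_pktinfo: int ipi_ifindex; in_addr ipi_spec_dst; in_addr ipi_addr
PKTINFO = struct.Struct("i4s4s")
IP_PKTINFO = getattr(socket, "IP_PKTINFO", 8)  # 8 is the Linux value


def open_responder(port=0):
    """One wildcard UDP socket that also reports each datagram's destination."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.setsockopt(socket.IPPROTO_IP, IP_PKTINFO, 1)
    s.bind(("0.0.0.0", port))
    s.settimeout(2)
    return s


def answer_one(s):
    """Receive one query and echo it back from the address it was sent to."""
    data, ancdata, _flags, peer = s.recvmsg(2048, socket.CMSG_SPACE(PKTINFO.size))
    dst = None
    for level, ctype, cdata in ancdata:
        if level == socket.IPPROTO_IP and ctype == IP_PKTINFO:
            dst = PKTINFO.unpack(cdata[:PKTINFO.size])[2]  # ipi_addr
    if dst is None:
        raise RuntimeError("kernel did not report a destination address")
    # On send, a non-zero ipi_spec_dst selects the datagram's source address.
    cmsg = (socket.IPPROTO_IP, IP_PKTINFO, PKTINFO.pack(0, dst, b"\0" * 4))
    s.sendmsg([data], [cmsg], 0, peer)
    return socket.inet_ntoa(dst)


def demo(vips=("127.0.0.5", "127.8.9.10")):
    """Constructed check: query several addresses, record each reply's source."""
    srv = open_responder()
    cli = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    cli.bind(("127.0.0.1", 0))
    cli.settimeout(2)
    seen = {}
    for vip in vips:
        cli.sendto(b"ping", (vip, srv.getsockname()[1]))
        answer_one(srv)
        seen[vip] = cli.recvfrom(2048)[1][0]
    srv.close()
    cli.close()
    return seen


if __name__ == "__main__":
    print(demo())
```

Without the control message on `sendmsg`, the kernel picks the reply's source address by route lookup, so a client that queried one address in the range could see the answer arrive from a different one.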