Date: Tue, 24 Dec 2024 00:34:45 -0300 From: Santiago Martinez <sm@codenetworks.net> To: Paul Vixie <paul@redbarn.org> Cc: freebsd-net@freebsd.org Subject: Re: per-FIB socket binding Message-ID: <28EF197D-0D10-449A-A3C5-8B931F31CA6C@codenetworks.net> In-Reply-To: <7772475.EvYhyI6sBW@dhcp-151.access.rits.tisf.net> References: <7772475.EvYhyI6sBW@dhcp-151.access.rits.tisf.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--Apple-Mail-4EB0C1F2-E6B5-4BB7-BD5D-7D078539BAD4 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi,=20 here=E2=80=99s another user of fibs. Each of our servers have multiple fibs a= nd jails with fibs.=20 I like the proposed. Santi=20 > On 23 Dec 2024, at 16:46, Paul Vixie <paul@redbarn.org> wrote: >=20 > =EF=BB=BF > On Monday, December 23, 2024 7:23:35 PM UTC Bjoern A. Zeeb wrote: > > On Sat, 21 Dec 2024, Bjoern A. Zeeb wrote: > > >> Any thoughts/comments? > > > > > > That all said with your opt-in approach if the code itself doesn't bri= ng > > > too many new complications I'd be happy with it (assuming FIBs still > > > have a use case). > > > > Seems there's plenty people using multi-FIB in various scenarios still, > > which is good to know. > > > > Go for it. >=20 > i've been thinking along these lines for a few years now, since my vm serv= er is multi-fib. each interface has a fib, mostly zero. for incoming TCP SYN= s, i'd like to carry that fib# into the resulting PCB so that that fib's rou= ting table and especially its default route will be used for that connection= . yes, i can do that with ipfw, and am in fact doing so now. however, that's= crocky. i think defaulting to the interface FIB for connections created and= maintained by the kernel should always happen -- not opt-in, not opt-out, j= ust always. is it worth me sending a patch that does this or would it be con= sidered controversial? >=20 > (making this happen for UDP is also interesting but is a separate matter s= ince those servers already have to maintain socket-per-interface in order to= get their source addresses to match the client's destination address.) >=20 > -- > Paul Vixie --Apple-Mail-4EB0C1F2-E6B5-4BB7-BD5D-7D078539BAD4 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable <html><head><meta http-equiv=3D"content-type" content=3D"text/html; charset=3D= utf-8"></head><body dir=3D"auto"><div dir=3D"ltr"></div><div dir=3D"ltr">Hi,= </div><div dir=3D"ltr">here=E2=80=99s another user of fibs. Each of ou= r servers have multiple fibs and jails with fibs. </div><div dir=3D"ltr= ">I like the proposed.</div><div dir=3D"ltr">Santi </div><div dir=3D"lt= r"><br></div><div dir=3D"ltr"><br><blockquote type=3D"cite">On 23 Dec 2024, a= t 16:46, Paul Vixie <paul@redbarn.org> wrote:<br><br></blockquote></di= v><blockquote type=3D"cite"><div dir=3D"ltr">=EF=BB=BF <meta http-equiv=3D"content-type" content=3D"text/html; charset=3DUTF-8"> <p style=3D"margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;"><spa= n style=3D"font-size:0.83em;">On Monday, December 23, 2024 7:23:35 PM UTC Bj= oern A. Zeeb wrote:</span></p> <p style=3D"margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">>= On Sat, 21 Dec 2024, Bjoern A. Zeeb wrote:</p> <p style=3D"margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">>= >> Any thoughts/comments?</p> <p style=3D"margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">>= > </p> <p style=3D"margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">>= > That all said with your opt-in approach if the code itself doesn't bri= ng</p> <p style=3D"margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">>= > too many new complications I'd be happy with it (assuming FIBs still</= p> <p style=3D"margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">>= > have a use case).</p> <p style=3D"margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">>= </p> <p style=3D"margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">>= Seems there's plenty people using multi-FIB in various scenarios still,</p>= <p style=3D"margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">>= which is good to know.</p> <p style=3D"margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">>= </p> <p style=3D"margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">>= Go for it.</p> <br><p style=3D"margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">= i've been thinking along these lines for a few years now, since my vm server= is multi-fib. each interface has a fib, mostly zero. for incoming TCP SYNs,= i'd like to carry that fib# into the resulting PCB so that that fib's routi= ng table and especially its default route will be used for that connection. y= es, i can do that with ipfw, and am in fact doing so now. however, that's cr= ocky. i think defaulting to the interface FIB for connections created and ma= intained by the kernel should always happen -- not opt-in, not opt-out, just= always. is it worth me sending a patch that does this or would it be consid= ered controversial?</p> <br><p style=3D"margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">= (making this happen for UDP is also interesting but is a separate matter sin= ce those servers already have to maintain socket-per-interface in order to g= et their source addresses to match the client's destination address.)</p> <br><p style=3D"margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">= -- </p> <p style=3D"margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">Paul= Vixie</p> </div></blockquote></body></html>= --Apple-Mail-4EB0C1F2-E6B5-4BB7-BD5D-7D078539BAD4--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?28EF197D-0D10-449A-A3C5-8B931F31CA6C>