|
ru.unix.bsd
- RU.UNIX.BSD ------------------------------------------------------------------
From : Sergey Matveychuk 2:5020/400 05 Mar 2008 17:39:00
To : Eugene Grosbein
Subject : Re: 7.0 network performance
--------------------------------------------------------------------------------
Eugene Grosbein пишет:
> 03 мар 2008, понедельник, в 01:08 KRAT, Mykola Dzham написал(а):
>
> MD> Кстати а есть сейчас какие-то основания не использовать fastforwarding?
>
> Отсутствие четкой документации насчет "чем отличается".
В файле ip_fastfwd.c сказано следующее:
ip_fastforward gets its speed from processing the forwarded packet to
completion (if_output on the other side) without any queues or netisr's.
The receiving interface DMAs the packet into memory, the upper half of
driver calls ip_fastforward, we do our routing table lookup and directly
send it off to the outgoing interface, which DMAs the packet to the
network card. The only part of the packet we touch with the CPU is the
IP header (unless there are complex firewall rules touching other parts
of the packet, but that is up to you). We are essentially limited by bus
bandwidth and how fast the network card/driver can set up receives and
transmits.
We handle basic errors, IP header errors, checksum errors,
destination unreachable, fragmentation and fragmentation needed and
report them via ICMP to the sender.
Else if something is not pure IPv4 unicast forwarding we fall back to
the normal ip_input processing path. We should only be called from
interfaces connected to the outside world.
Firewalling is fully supported including divert, ipfw fwd and ipfilter
ipnat and address rewrite.
IPSEC is not supported if this host is a tunnel broker. IPSEC is
supported for connections to/from local host.
We try to do the least expensive (in CPU ops) checks and operations
first to catch junk with as little overhead as possible.
We take full advantage of hardware support for IP checksum and
fragmentation offloading.
We don't do ICMP redirect in the fast forwarding path. I have had my own
cases where two core routers with Zebra routing suite would send millions
ICMP redirects to connected hosts if the destination router was not the
default gateway. In one case it was filling the routing table of a host
with approximately 300.000 cloned redirect entries until it ran out of
kernel memory. However the networking code proved very robust and it didn't
crash or fail in other ways.
Вроде говорили, что dummynet с ним не работает. Hо я не пробовал.
--- ifmail v.2.15dev5.4
* Origin: Dark side of coredump (2:5020/400)
Вернуться к списку тем, сортированных по: возрастание даты уменьшение даты тема автор
|
Re: 7.0 network performance 