From: Julian Elischer
Date: Mon, 20 Jul 2009 08:14:07 -0700
To: "Jacobs, Brian"
Cc: freebsd-net@freebsd.org, Philip Paeps
Subject: Re: GRE tunnel limitations

Jacobs, Brian wrote:
> For all interested, I've been doing some implementation work over the
> weekend.
> Tonight I did a cutover of 766 GRE tunnels to a RELENG_7 box:

Good to know, though load with traffic is more important.
Talk to Philip Paeps about crypto support.. some crypto offload cards
slow down the system.. you need to have a PCI-E one or PCI-X
at slowest for it to be worthwhile on a fast machine.
(CC'd)

>
> [root@yttrium /lso/dev/real]# uname -a
> FreeBSD yttrium.colo.XXXXXXXXXX.net 7.1-RELEASE FreeBSD 7.1-RELEASE #1:
> Mon Apr 13 11:37:56 EDT 2009 bjacobs@yttrium.colo.
> XXXXXXXXXX.net:/usr/obj/usr/src/sys/YTTRIUM i386
> [root@yttrium /lso/dev/real]# ifconfig |grep gre |wc -l
> 766
> [root@yttrium /lso/dev/real]# netstat -nr |wc -l
> 1494
> [root@yttrium /lso/dev/real]# uptime
> 5:32AM up 74 days, 11:01, 5 users, load averages: 0.00, 0.26, 0.59
>
> Load average is nothing (hovers between 0 and .20), although there isn't
> much traversing the tunnels (yet), nor have we implemented IPsec (yet --
> next step, have crypto card if needed). Another project commencing
> shortly will push/pull about 10mb/s aggregate (estimate) across the
> collective tunnels.
>
> Please advise if the group (or any individuals) want performance data
> from real world usage.
>
> /bmj
>
>
> -----Original Message-----
> From: owner-freebsd-net@freebsd.org
> [mailto:owner-freebsd-net@freebsd.org] On Behalf Of Jacobs, Brian
> Sent: Thursday, July 16, 2009 12:50 PM
> To: Julian Elischer
> Cc: freebsd-net@freebsd.org
> Subject: RE: GRE tunnel limitations
>
> IP unnumbered between the two boxen. I've built some scripts to
> automatically generate config files, and then other scripts to
> automagically create the GRE interfaces and inject appropriate routes.
>
> GRE numbers are assigned sequentially based on config file lines (and
> are of no consequence):
>
> gre45: flags=9051 metric 0 mtu
> 1476
>     tunnel inet 10.3.100.39 --> 207.230.84.130
>     inet 10.3.100.39 --> 10.11.146.129 netmask 0xffffffff
> gre46: flags=9051 metric 0 mtu
> 1476
>     tunnel inet 10.3.100.39 --> 12.35.57.131
>     inet 10.3.100.39 --> 10.10.201.1 netmask 0xffffffff
>
> 10.3.100.39 is the primary Ethernet interface address of the local box
> (terminator). 10.10.201.1 is the inside Ethernet of the remote box.
>
> Routing statement for 10.0.0.0/8 live on the remote box, and individual
> routes live on the concentrator:
>
> root@yttrium /root# netstat -nr | grep 10.10.201
> 10.10.201.0/26     10.10.201.1        UGS         0     2042  gre46
> 10.10.201.1        10.3.100.39        UH          1    49263  gre46
>
> /bmj
>
>
> -----Original Message-----
> From: Julian Elischer [mailto:julian@elischer.org]
> Sent: Thursday, July 16, 2009 12:45 PM
> To: Jacobs, Brian
> Cc: freebsd-net@freebsd.org
> Subject: Re: GRE tunnel limitations
>
> Jacobs, Brian wrote:
>> Does anyone have some realistic data on the number of GRE/ipip tunnels
>> FreeBSD 7.x can reasonably terminate? Assume no IPsec, just standard
>> encapsulation. I have an ad-hoc need to terminate about 1,4000 static
>> GRE tunnels (as Cisco 7206's are backordered until September). J
>>
>> Thanks in advance!
>>
>> /bmj
>>
>> _______________________________________________
>> freebsd-net@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-net
>> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>
> The limitation would be that there is an interface for each one and
> the interface 'interface' uses a linked list. It might work but there
> would probably be scaling issues.
>
> I've often thought that what we need is a way to do "bulk encapsulation
> interfaces" where there is not an "interface" assigned to each
> destination. (at least not one that shows up in 'ifconfig').
>
> How will you want to decide which gre interface to use for a given
> packet? Is it just a standard routing decision based on the remote
> address?
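
The config-file-driven setup described in the quoted message (sequential gre numbers per config line, a tunnel and point-to-point address per interface, then a route) can be sketched as below. This is an added example, not the scripts from the thread: the three-field config format, the function names and the first route prefix are assumptions, and the emitted commands follow the usage shown in gre(4).

```shell
# Added illustration, not from the thread. Emits (does not run) the FreeBSD
# commands for one GRE tunnel per config line. Hypothetical config format:
#   <remote-outer-ip> <remote-inner-ip> <prefix-routed-via-tunnel>
is_ipv4() {   # dotted quad, each octet 0..255, no other characters
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

is_prefix() { # a.b.c.d/len with len 0..32
    case "$1" in */*) ;; *) return 1 ;; esac
    plen=${1##*/}
    case "$plen" in ''|*[!0-9]*) return 1 ;; esac
    [ ${#plen} -le 2 ] && [ "$plen" -le 32 ] && is_ipv4 "${1%/*}"
}

# gen_gre LOCAL_OUTER_IP FIRST_UNIT < config   (units assigned sequentially)
gen_gre() {
    local_ip=$1 unit=$2 lineno=0
    is_ipv4 "$local_ip" || { echo "bad local address" >&2; return 2; }
    case "$unit" in ''|*[!0-9]*|0?*) echo "bad unit" >&2; return 2 ;; esac
    while read -r outer inner prefix extra; do
        lineno=$((lineno + 1))
        case "$outer" in ''|'#'*) continue ;; esac   # blank line or comment
        # The output is meant for a root shell, so reject anything that is
        # not strictly an address or prefix instead of trying to quote it.
        if [ -n "$extra" ] || ! is_ipv4 "$outer" || ! is_ipv4 "$inner" \
            || ! is_prefix "$prefix"; then
            echo "config line $lineno rejected" >&2
            return 1
        fi
        echo "ifconfig gre$unit create"
        echo "ifconfig gre$unit tunnel $local_ip $outer"
        echo "ifconfig gre$unit inet $local_ip $inner netmask 0xffffffff up"
        echo "route add -net $prefix $inner"
        unit=$((unit + 1))
    done
}

# Constructed sample: gre45/gre46 addresses are from the thread, the first
# prefix is made up for the example.
gen_gre 10.3.100.39 45 <<'EOF'
207.230.84.130 10.11.146.129 10.11.146.128/26
12.35.57.131 10.10.201.1 10.10.201.0/26
EOF
```

Review the emitted commands before piping them to sh; with 766 or more lines, a single malformed field is otherwise executed as root.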