Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 21 Mar 2013 14:54:09 +0100
From:      Fleuriot Damien <ml@my.gd>
To:        =?iso-8859-1?Q?Ermal_Lu=E7i?= <eri@freebsd.org>
Cc:        freebsd-net <freebsd-net@freebsd.org>
Subject:   Re: Best way for an app to accept traffic on 30,000+ interfaces?
Message-ID:  <96327F03-86EC-4EE6-9679-F66A960BDDB4@my.gd>
In-Reply-To: <CAPBZQG2eZ3C68HaAPRUehBJ62L%2B87-LdLRrMRkzj=-09dHKrYA@mail.gmail.com>
References:  <20130321005959.98706.qmail@f5-external.bushwire.net> <CAPBZQG2eZ3C68HaAPRUehBJ62L%2B87-LdLRrMRkzj=-09dHKrYA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

On Mar 21, 2013, at 9:25 AM, Ermal Lu=E7i <eri@freebsd.org> wrote:

> On Thu, Mar 21, 2013 at 1:59 AM, Mark D =
<markd-freebsd-net@bushwire.net>wrote:
>=20
>> (Hopefully this isn't too out-of-scope for this list..)
>>=20
>> I have an application in mind that I'd like to have accept/respond to
>> UDP queries sent to perhaps 30K contiguous IP addresses (most likely
>> IPV6 addresses because such ranges are easy to come by, but
>> conceptually ipv4 as well).
>>=20
>> This would all be on a small number of FBSD instances.
>>=20
>> Though it could be done, I don't really want to create 30K interfaces
>> and have the application bind 30K sockets as it's not clear if that
>> will scale if I try an address range that expands to, say, 1M IPs
>> wide.
>>=20
>> This address range would be internet-facing and responding to random
>> remote clients.
>>=20
>> My first thought is to use SOCK_RAW in much the same way that natd
>> does - at least to receive the traffic.
>>=20
>> Is that a sensible and viable approach or is there a better/easier
>> way?
>>=20
>>=20
>> Mark.
>> _______________________________________________
>> freebsd-net@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-net
>> To unsubscribe, send any mail to =
"freebsd-net-unsubscribe@freebsd.org"
>>=20
>=20
>=20
> How about firing up one of the firewall/pfil(9) consumers like =
(ipfw/pf)
> and adding rules to redirect traffic to a socket bound on loopback?
>=20
> --=20
> Ermal


I fail to see how that's different from what I suggested with PF's rdr =
rule ?

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?96327F03-86EC-4EE6-9679-F66A960BDDB4>