From owner-freebsd-net@FreeBSD.ORG Tue Aug 29 09:05:56 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ED66016A4DA for ; Tue, 29 Aug 2006 09:05:56 +0000 (UTC) (envelope-from dmitry@atlantis.dp.ua) Received: from postman.atlantis.dp.ua (postman.atlantis.dp.ua [193.108.47.1]) by mx1.FreeBSD.org (Postfix) with ESMTP id 30D6243D6E for ; Tue, 29 Aug 2006 09:05:52 +0000 (GMT) (envelope-from dmitry@atlantis.dp.ua) Received: from atlantis.dp.ua (localhost [127.0.0.1]) by postman.atlantis.dp.ua (8.13.1/8.13.1) with ESMTP id k7T95ls9095431 for ; Tue, 29 Aug 2006 12:05:47 +0300 (EEST) (envelope-from dmitry@atlantis.dp.ua) Received: from localhost (dmitry@localhost) by atlantis.dp.ua (8.13.1/8.13.1/Submit) with ESMTP id k7T95lUQ095428 for ; Tue, 29 Aug 2006 12:05:47 +0300 (EEST) (envelope-from dmitry@atlantis.dp.ua) Date: Tue, 29 Aug 2006 12:05:47 +0300 (EEST) From: Dmitry Pryanishnikov To: freebsd-net@freebsd.org Message-ID: <20060829120351.D63269@atlantis.atlantis.dp.ua> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Subject: IP fastforwarding in RELENG_4 and CURRENT/RELENG_6 (fwd) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Aug 2006 09:05:57 -0000 Hello! Sorry for reposting my questions again, I hope they are interesting not only for me... What is the current status of the fast IP forwarding in RELENG_4 and in modern versions (CURRENT/RELENG_6)? I see that this code (either ip_flow.* in RELENG_4 or ip_fastfwd.c in RELENG_6) is always included into kernel (no separate option for it), but is disabled by default. What are drawbacks from enabling it (pure-IPv4 environment, heavy use of ipfw+divert+dummynet, occasionally use of IPSEC)? I haven't found any documentation for this option besides comments in ip_fastfwd.c, and those comments rose several questions: * Else if something is not pure IPv4 unicast forwarding we fall back to * the normal ip_input processing path. We should only be called from ----------------------------------------^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * interfaces connected to the outside world. ---^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ How to achieve this aim? I see no fastforwarding-specific options in ifconfig. * IPSEC is not supported if this host is a tunnel broker. IPSEC is * supported for connections to/from local host. Is it true for FAST_IPSEC? Am I understand 'tunnel broker' correctly: it's the host that wraps other host's traffic into the ESP using IPSEC tunnel mode? How about IPSEC transport mode? And the main question: does this description stands for ip_flow implementation in RELENG_4? If not, what are the differences? Sincerely, Dmitry -- Atlantis ISP, System Administrator e-mail: dmitry@atlantis.dp.ua nic-hdl: LYNX-RIPE