Date:      Mon, 20 May 1996 08:37:53 -0700
From:      bmah@cs.berkeley.edu (Bruce A. Mah)
To:        Tony Kimball <alk@think.com>
Cc:        questions@freebsd.org
Subject:   Re: ip masquerading 
Message-ID:  <199605201537.IAA09391@premise.CS.Berkeley.EDU>
In-Reply-To: Your message of "Sun, 19 May 1996 02:50:51 CDT." <199605190750.CAA08095@compound.Think.COM> 

Tony Kimball writes:
> 
>   You're not alone...I'm trying to figure this out too.  I've been 
>   looking through RFC 1122 (Host Requirements - Communications Layers) 
>   and RFC 1812 (Requirements for IP Version 4 Routers).  I think these 
>   are probably the right places to find info related to this topic, but 
>   so far I haven't found it.
> 
> I don't recall whether it was private mail, but Terry did mention
> router and MTU discovery, concretely.  According to the masq archives
> at http:/www.indyramp.com/masq MTU discovery works in linux as of
> 5/16/96, so that prevalent estimations of what is feasibly
> accomplished in a masquerade implementation may be obsolete.
> I have not been able to exert the effort yet to determine whether
> there is an extant problem with router discovery in linux masquerade.

Thanks for the info.  I'll look it up on my "copious spare time".  :-)

> IMO:  The lack of masquerade is likely to prove the most significant
> disability of FBSD relative to Linux, vis a vis market requirements
> in the foreseeable future.  My most vulnerable assumption, in forming
> this opinion, is probably my estimate of the proportion of potential
> free unix users with multiple home machines *and* one of either multiple
> home users or a dedicated/demand Internet connection.

This is probably going to come over in the wrong way, but:

1.  I'm sure that besides IP masquerading there are many reasons why a 
user would choose one OS over another.  It's just one "feature" out of 
an entire "product", and it needs to be evaluated in a larger context.

2.  While FreeBSD and Linux are competing "products", it's not as 
though they are commercial products, produced by companies who have to 
worry about retaining market share to satisfy the shareholders.

3.  Corollary to #2:  "Because Linux does it" is not a really good 
reason to do something.

> I do not share your feeling that this is the wrong thing to do, partly
> because I have seen mostly FUD from the con camp.  (This is not
> necessarily a criticism of any con postings, however -- there can be
> perfectly valid reasons to post FUD, and I believe some may pertain
> here.)  I do heartily endorse the notion that intentionally
> introducing defects into the IP stack is a non-starter.  The scorecard
> right now tells me that iff pertinent RFC 1256 router discovery
> requirements are not feasibly satisfiable in a masquerade
> implementation, it is not an acceptable approach.

(Goes to look up "FUD" in the jargon file..."fear, uncertainty, and 
doubt", oh.)

OK.  Here are my technical gripes with IP masquerading:

1.  It introduces hard state in the gateway machine.  If the gateway 
goes down and comes back up, you lose all the connections through it.  
Note that some other approaches such as application-specific gateways 
have this problem too.

2.  The Linux implementation (which I've examined *briefly*) puts all 
kinds of application-specific stuff *in kernel*.  There are all kinds 
of clever tricks to get FTP, RealAudio, and other applications to work 
right.  Layering?  What layering?

3.  There already exist other methods for doing what IP masquerading 
does (for example SOCKS, application-specific gateways).  Why does 
FreeBSD need another?

4.  It's not a general purpose solution (e.g. ICMP doesn't work, UDP 
support is a hack).  For example, how would I ping outside my local 
network to track down problems?

Just so people don't think I'm completely one-sided about this:

1.  IP masquerading does slow down the rate that addresses get used up, 
and, more importantly, the routing table size at the neighboring 
network.

2.  Extremely reluctantly, "Linux does it".

In peace,

Bruce.
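The two failure modes in gripes 1 and 4 above (translation state that lives only in the gateway's memory, and ICMP echo carrying no transport port to key a mapping on) can be shown with a toy masquerading table. This is an added illustration, not code from the thread or from the Linux implementation being discussed; the class name, the 10.0.0.0/8 internal host and the 192.0.2.1 gateway address are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

GATEWAY_IP = "192.0.2.1"   # constructed public address of the gateway
FIRST_PORT = 60000         # constructed start of the port range handed out


@dataclass
class Masquerader:
    """Minimal port-based masquerading table (teaching model, not a real NAT)."""
    next_port: int = FIRST_PORT
    # (proto, port on the gateway) -> (internal ip, internal port)
    table: Dict[Tuple[str, int], Tuple[str, int]] = field(default_factory=dict)

    def outbound(self, proto: str, src_ip: str, src_port: int) -> Optional[Tuple[str, int]]:
        """Rewrite an outgoing packet's source address; allocate a port on first use.

        Returns the (gateway ip, gateway port) the packet leaves with, or None
        when the table has nothing to key a later reply on.
        """
        if proto == "icmp":
            # Echo request/reply have no transport port, so a port-keyed table
            # cannot match the reply back to the internal host (gripe 4).
            return None
        for (p, gw_port), internal in self.table.items():
            if p == proto and internal == (src_ip, src_port):
                return (GATEWAY_IP, gw_port)      # existing connection
        gw_port = self.next_port
        self.next_port += 1
        self.table[(proto, gw_port)] = (src_ip, src_port)
        return (GATEWAY_IP, gw_port)

    def inbound(self, proto: str, dst_port: int) -> Optional[Tuple[str, int]]:
        """Map a reply arriving at the gateway back to the internal host."""
        return self.table.get((proto, dst_port))   # None: no state, packet is dropped

    def reboot(self) -> None:
        """Hard state exists only in memory: a restart empties the table (gripe 1)."""
        self.table.clear()
        self.next_port = FIRST_PORT


def demo() -> Tuple[Optional[Tuple[str, int]], Optional[Tuple[str, int]], Optional[Tuple[str, int]]]:
    """Open one TCP flow, restart the gateway, and see the reply become unroutable."""
    gw = Masquerader()
    public = gw.outbound("tcp", "10.0.0.5", 1234)     # ('192.0.2.1', 60000)
    before = gw.inbound("tcp", public[1])              # ('10.0.0.5', 1234)
    gw.reboot()
    after = gw.inbound("tcp", public[1])               # None: the connection is lost
    return public, before, after
```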
