From: "Jacobs, Brian"
To: "Jacobs, Brian", "Julian Elischer"
Date: Mon, 20 Jul 2009 05:30:17 -0400
Subject: RE: GRE tunnel limitations
List-Id: Networking and TCP/IP with FreeBSD

For all interested, I've been doing some implementation work over the weekend. Tonight I did a cutover of 766 GRE tunnels to a RELENG_7 box:

[root@yttrium /lso/dev/real]# uname -a
FreeBSD yttrium.colo.XXXXXXXXXX.net 7.1-RELEASE FreeBSD 7.1-RELEASE #1: Mon Apr 13 11:37:56 EDT 2009 bjacobs@yttrium.colo.XXXXXXXXXX.net:/usr/obj/usr/src/sys/YTTRIUM i386
[root@yttrium /lso/dev/real]# ifconfig |grep gre |wc -l
766
[root@yttrium /lso/dev/real]# netstat -nr |wc -l
1494
[root@yttrium /lso/dev/real]# uptime
5:32AM up 74 days, 11:01, 5 users, load averages: 0.00, 0.26, 0.59

Load average is nothing (hovers between 0 and .20), although there isn't much traversing the tunnels (yet), nor have we implemented IPsec (yet -- next step, have crypto card if needed). Another project commencing shortly will push/pull about 10mb/s aggregate (estimate) across the collective tunnels.

Please advise if the group (or any individuals) want performance data from real world usage.

/bmj

-----Original Message-----
From: owner-freebsd-net@freebsd.org [mailto:owner-freebsd-net@freebsd.org] On Behalf Of Jacobs, Brian
Sent: Thursday, July 16, 2009 12:50 PM
To: Julian Elischer
Cc: freebsd-net@freebsd.org
Subject: RE: GRE tunnel limitations

IP unnumbered between the two boxen. I've built some scripts to automatically generate config files, and then other scripts to automagically create the GRE interfaces and inject appropriate routes.
GRE numbers are assigned sequentially based on config file lines (and are of no consequence):

gre45: flags=9051 metric 0 mtu 1476
        tunnel inet 10.3.100.39 --> 207.230.84.130
        inet 10.3.100.39 --> 10.11.146.129 netmask 0xffffffff
gre46: flags=9051 metric 0 mtu 1476
        tunnel inet 10.3.100.39 --> 12.35.57.131
        inet 10.3.100.39 --> 10.10.201.1 netmask 0xffffffff

10.3.100.39 is the primary Ethernet interface address of the local box (terminator). 10.10.201.1 is the inside Ethernet of the remote box. Routing statement for 10.0.0.0/8 lives on the remote box, and individual routes live on the concentrator:

root@yttrium /root# netstat -nr | grep 10.10.201
10.10.201.0/26     10.10.201.1        UGS         0     2042  gre46
10.10.201.1        10.3.100.39        UH          1    49263  gre46

/bmj

-----Original Message-----
From: Julian Elischer [mailto:julian@elischer.org]
Sent: Thursday, July 16, 2009 12:45 PM
To: Jacobs, Brian
Cc: freebsd-net@freebsd.org
Subject: Re: GRE tunnel limitations

Jacobs, Brian wrote:
> Does anyone have some realistic data on the number of GRE/ipip tunnels
> FreeBSD 7.x can reasonably terminate? Assume no IPsec, just standard
> encapsulation. I have an ad-hoc need to terminate about 1,4000 static
> GRE tunnels (as Cisco 7206's are backordered until September). J
>
> Thanks in advance!
>
> /bmj
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

The limitation would be that there is an interface for each one and
the interface 'interface' uses a linked list. It might work but there
would probably be scaling issues.

I've often thought that what we need is a way to do "bulk encapsulation
interfaces" where there is not an "interface" assigned to each
destination. (at least not one that shows up in 'ifconfig').

How will you want to decide which gre interface to use for a given
packet?
Is it just a standard routing decision based on the remote address?
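
Added example, not part of the original thread and not the poster's scripts: a dry-run generator for the provisioning scheme described above (sequential gre numbers from config-file lines, unnumbered tunnels sourced from the concentrator's Ethernet address, one route per site). The config format, the function names and the first sample prefix are assumptions. Every field is validated and the whole file is rejected on the first bad line, so a malformed entry never reaches a root shell and never leaves the box half-provisioned.

```shell
# Added example: dry-run generator for unnumbered GRE tunnels on a FreeBSD
# concentrator. Hypothetical config line: <outer IP> <inside IP> <prefix/len>

is_ipv4() {  # dotted quad, no leading zeros, each octet 0..255
    printf '%s\n' "$1" |
        grep -Eq '^((0|[1-9][0-9]{0,2})\.){3}(0|[1-9][0-9]{0,2})$' || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

is_prefix() {  # a.b.c.d/len with len 0..32
    case $1 in */*) ;; *) return 1 ;; esac
    is_ipv4 "${1%/*}" || return 1
    len=${1#*/}
    case $len in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ]
}

gen_gre_cmds() {  # $1 = concentrator's primary Ethernet address; config on stdin
    local_addr=$1 n=0 lineno=0 cmds=
    is_ipv4 "$local_addr" || { echo "bad local address" >&2; return 1; }
    while read -r outer inner prefix extra; do
        lineno=$((lineno + 1))
        case $outer in ''|'#'*) continue ;; esac   # skip blanks and comments
        if [ -n "$extra" ] || ! is_ipv4 "$outer" || ! is_ipv4 "$inner" ||
           ! is_prefix "$prefix"; then
            echo "config line $lineno rejected; nothing emitted" >&2
            return 1
        fi
        # gre numbers follow config order and carry no meaning of their own
        cmds="${cmds}ifconfig gre$n create
ifconfig gre$n tunnel $local_addr $outer
ifconfig gre$n inet $local_addr $inner netmask 0xffffffff
route add -net $prefix $inner
"
        n=$((n + 1))
    done
    printf '%s' "$cmds"   # emitted only after every line has passed validation
}

sample_config() {  # constructed sample; the first site's prefix is made up
    cat <<'EOF'
207.230.84.130   10.11.146.129  10.11.146.128/26
12.35.57.131     10.10.201.1    10.10.201.0/26
EOF
}

sample_config | gen_gre_cmds 10.3.100.39
```

The output is a list of commands to review before running them on the concentrator; nothing is executed by the generator itself.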