Brett Glass wrote:
Everyone:
I have recently been building FreeBSD VPN servers which can accept 50 to
100 PPTP connections. PPTP is, essentially, PPP over GRE (with a TCP
control connection), so we have large numbers of packets passing in and
out using GRE. Unfortunately, GRE on FreeBSD doesn't currently have a
multiplexing function as does TCP. If userland PPP and pptpd are used to
handle the PPTP sessions, each GRE packet is passed to the first pptpd
process. If the call ID doesn't match, it's passed to the next, and then
the next, and so on. What's more, each test requires a "bounce" into and
out of the kernel. mpd, which uses netgraph, does more of the work
within the kernel, but the testing still takes place in linear time --
and the potential delay increases with the number of PPTP sessions that
have been established. The packet is bounced from one netgraph node to
another until one of them accepts it or the packet falls off the end of
the chain.
It seems to me that it might be worth it to implement a multiplexing
function that dispatches the packet directly to the right process or
netgraph node rather than passing it from hand to hand. Thoughts?
If it takes you more than 1 day to write a netgraph function to do it,
you are taking too many coffee breaks.
mpd could probably do it automatically as it already does a lot of
netgraph munging.
--Brett Glass
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
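
The direct dispatch proposed in the thread, as an added userland sketch in C (not code from the posters, mpd, pptpd or netgraph): it validates the PPTP enhanced GRE header from RFC 2637 and finds the session with one table lookup on the 16-bit call ID instead of walking a chain. The table, the function names and the sample packet are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PPTP_GRE_PROTO 0x880B   /* protocol type of PPTP's enhanced GRE (RFC 2637) */
#define NO_SESSION     (-1)

/* Hypothetical session table: one slot per 16-bit call ID, holding a session index. */
static int session_by_call_id[65536];

void demux_init(void) {
    for (size_t i = 0; i < 65536; i++) session_by_call_id[i] = NO_SESSION;
}

void demux_register(uint16_t call_id, int session) {
    session_by_call_id[call_id] = session;
}

/* Validate the header and return the call ID, or -1 if the packet is malformed. */
int pptp_gre_call_id(const uint8_t *pkt, size_t len) {
    if (len < 8) return -1;                        /* truncated fixed header */
    if ((pkt[0] & 0x20) == 0) return -1;           /* K bit must be set: key carries call ID */
    if ((pkt[0] & 0xC0) != 0) return -1;           /* C and R bits must be zero */
    if ((pkt[1] & 0x07) != 1) return -1;           /* enhanced GRE is version 1 */
    if (((pkt[2] << 8) | pkt[3]) != PPTP_GRE_PROTO) return -1;
    /* Optional 4-byte sequence (S bit) and acknowledgment (A bit) fields. */
    size_t hdr = 8 + ((pkt[0] & 0x10) ? 4 : 0) + ((pkt[1] & 0x80) ? 4 : 0);
    size_t payload = ((size_t)pkt[4] << 8) | pkt[5];
    if (len < hdr + payload) return -1;            /* declared payload exceeds packet */
    return (pkt[6] << 8) | pkt[7];                 /* low 16 bits of the key */
}

/* One lookup per packet, independent of how many sessions are established. */
int demux_dispatch(const uint8_t *pkt, size_t len) {
    int id = pptp_gre_call_id(pkt, len);
    return id < 0 ? NO_SESSION : session_by_call_id[id];
}

int main(void) {
    /* Constructed sample: K and S set, version 1, 2-byte payload, call ID 0x0042, seq 1. */
    const uint8_t pkt[] = {0x30, 0x01, 0x88, 0x0B, 0x00, 0x02, 0x00, 0x42,
                           0x00, 0x00, 0x00, 0x01, 0xFF, 0x03};
    demux_init();
    demux_register(0x0042, 7);
    printf("session %d\n", demux_dispatch(pkt, sizeof pkt));
    printf("truncated -> %d\n", demux_dispatch(pkt, 6));
    return 0;
}
```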