On Fri, Mar 21, 2008 at 4:47 PM, Brett Glass <[EMAIL PROTECTED]> wrote: > Everyone: > > I have recently been building FreeBSD VPN servers which can accept > 50 to 100 PPTP connections. PPTP is, essentially, PPP over GRE > (with a TCP control connection), so we have large numbers of > packets passing in and out using GRE. Unfortunately, GRE on FreeBSD > doesn't currently have a multiplexing function as does TCP. If > userland PPP and pptpd are used to handle the PPTP sessions, each > GRE packet is passed to the first pptpd process. If the call ID > doesn't match, it's passed to the next, and then the next, and so > on. What's more, each test requires a "bounce" into and out of the > kernel. mpd, which uses netgraph, does more of the work within the > kernel, but the testing still takes place in linear time -- and the > potential delay increases with the number of PPTP sessions that > have been established. The packet is bounced from one netgraph node > to another until one of them accepts it or the packet falls off the > end of the chain. > > It seems to me that it might be worth it to implement a > multiplexing function that dispatches the packet directly to the > right process or netgraph node rather than passing it from hand to > hand. Thoughts? >
ng_gif_demux does the same it shouldn't be to hard to come with something similar for pptp. If you find the time and do it please share. > --Brett Glass > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "[EMAIL PROTECTED]" > _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
