Date:	Tue, 31 Oct 2006 21:46:11 +0300
From:	Michael Tokarev <mjt@....msk.ru>
To:	Peter Hicks <peter.hicks@...gs.co.uk>
CC:	linux-kernel@...r.kernel.org
Subject: Re: Thousands of interfaces

Peter Hicks wrote:
> All,
> 
> I have a dual 3GHz Xeon machine with a 2.4.21 kernel and thousands (15k+) of
> ipip tunnel interfaces.  These are being used to tunnel traffic from remote
> routers, over a private network, and handed off to a third party.
[]
> Is there a userspace program which would handle this application better than
> using interfaces?

Not that it may be suitable for your case because of various reasons (including
but not limited to your use of specific - IPIP - type of tunnels, interoperability
issues), but take a look at the tinc principles -- http://www.tinc-vpn.org/ .  They
use a single interface (based on tun driver) and a single select-loop-based userspace
program.  Initially you configure routing to route ALL your peer's traffic to this
interface, and next tincd takes care of {dis,re}appearing peers, shortest paths,
{un}reachability of certain networks and so on.

I don't know whether their implementation scales up to 15K+ peers any better than
the current in-kernel implementation, but I think it's easier to deal with this stuff
in userspace anyway.  And the principles which are in the base of tinc are very..
interesting and are unique (as far as I know) to it, making this solution ideal for
certain setups.

/mjt