| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 03 Aug 2012 18:34:48 -0700 From: "Eric W. Biederman" <ebiederm@...ssion.com> To: Ali Ayoub <ali@...lanox.com>, David Miller <davem@...emloft.net> CC: ogerlitz@...lanox.com, roland@...nel.org, netdev@...r.kernel.org, sean.hefty@...el.com, erezsh@...lanox.co.il Subject: Re: [PATCH V2 09/12] net/eipoib: Add main driver functionality Ali Ayoub <ali@...lanox.com> wrote: > >With this driver, existing VMs, and their existing IP applications, can >run as-is on InfiniBand network. Actually it doesn't work like that. If my application really needs ethernet it will not work with your driver. I can not run decnet or appletalk or ATAoE or PPPoE or LACP or use VLANs or any of a thousand other things that require real live ethernet to function. Most VMs will talk to linux with a tap interface, and the output of a tap interface can be routed just fine, and that works with existing tools, and existing already deployed kernels. Alternatively if you are silly you can implement a tap interface on top of IPoIB and have the same interface you do now, and it works with existing already deployed kernels. So eIPoIB does not make sense from a time to market perspective. Similarly eIPoIB does not make sense from a performance standpoint because the best performance requires the applications and hypervisors are infiniband and teaching the apps to cope. eIPoIB also has considerable maintenance overhead as it is complex code doing some crazy things. Now personally NAPT44 just about made the internet unusable for peer to peer appications. NAT66 aka network prefix translation introduces much less breakage but it still requires someone to run STUN on IPv6 to keep applications working, ick. NATEIB aka eIPoIB just looks complex and already breaks most of ethernet and history says that kind of breakage actually matters a lot. I think everyone who suggests any kind of NAT is a good idea should have to implement RFC 5245 Interacive Connectivity Establishment. It takes 2 100+ page rfcs to come up with a way that allows applications to with the address munging over the open internet. That way takes 3000+ lines of code in each application. That is the kind of complexity you are asking people up stream of you to deal with your NATTing of ethernet to infiniband. So I totally think eIPoIB stinks, and that it does not at all let existing applications work without modification. Eric -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists