Date: Wed, 14 Sep 2016 08:15:21 -0600
From: David Ahern <dsa@...ulusnetworks.com>
To: Vincent Bernat <vincent@...nat.im>, "David S. Miller" <davem@...emloft.net>, Nicolas Dichtel <nicolas.dichtel@...nd.com>, Wilson Kok <wkok@...ulusnetworks.com>, netdev@...r.kernel.org
Subject: Re: [net v1] fib_rules: interface group matching

On 9/14/16 6:40 AM, Vincent Bernat wrote:
> When a user wants to assign a routing table to a group of incoming
> interfaces, the current solutions are:
>
> - one IP rule for each interface (scalability problems)
> - use of fwmark and devgroup matcher (don't work with internal route
>   lookups, used for example by RPF)
> - use of VRF devices (more complex)

Why do you believe that? A VRF is a formalized grouping of interfaces that includes an API for locally generated traffic to specify which VRF/group to use. And, with the l3mdev rule you only need 1 rule for all VRFs regardless of the number which is the best solution to the scalability problem of adding rules per device/group/VRF.

What use case are you trying to solve?