Re: Layer 3 switching...

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 10/06/07 06:16, John Default wrote:
So, now i get it (after your first mail, it wasn't possible :)). I think the idea is great, but.

What everything would you we actually avoid ? For correct operation we will have to look at destination IP anyway, skipping only ip header check (iphdr checksum, version, maybe length check), which consists of functions that are implemented in very quick way (sum through 20B written in assembly..) (probably few tens of nanoseconds on 1GHz processor)

True...

With the probability of damaged packet header we probably can skip checking. But there are some security problems that can arise from that.

Agreed.

Then we avoid lookup in routing table. But routing already does have cache (i don't know how effective) for routes to avoid doing the lookup for each packet. Will this be much faster than route cache ?

Bringing it down to lower, dumber layer we risk that we will somehow mess up policy routing, multipath routing and probably some other advanced things.

Another thing is that turning the l3 switching on, router will start to behave little bit different as usually, what could confuse the administrator ...

I'm not thinking about making this an all or nothing type of application. I would rather turn on L3 switching as desired and use the existing kernel as is for any thing else. The intent is to not mess things up, but optimize when basic routing will be the predominant task.

What about NAT and other packet-changing things in iptables (and QoS marking and the like)? Stealing packet before layer3 processing we avoid these things as well i think. Hm this could really become a problem. There could be mechanism for detecting if packet is changed anyhow and then we would not touch it, but if box is meant for changing packets, then we would have to implement it too or process no packets at all ...(you are right, who would use l3 switch for NAT : ) )

This, again, is not a scenario for L3 switching, at least not in its first incarnation. However basic NATing would not be difficult to implement, just alter the source IP like the source MAC is altered.

... and you should probably decrement and check the ttl too : )

Agreed.

I just mentioned few things that came to my mind that might need to be considered. But otherwise i think the idea is very nice. I will try to find out more, just need to find time to read the source ; )

These are all very good points and deserve to be addressed. Thank you for discussing things, that's exactly what I was wanting.

(disclaimer: I am just beginner, with my stupid questions i am just trying to help your thinking process)

(See my last statement.)



Grant. . . .
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux