On 10/06/07 06:16, John Default wrote:
> So, now I get it (after your first mail it wasn't possible :)). I
> think the idea is great, but...
> What would we actually avoid? For correct operation we
> will have to look at the destination IP anyway, skipping only the IP header
> check (iphdr checksum, version, maybe length check), which consists of
> functions that are implemented in a very quick way (a sum over 20 B
> written in assembly...) (probably a few tens of nanoseconds on a 1 GHz processor).
True...
> Given the probability of a damaged packet header we can probably skip
> the check. But there are some security problems that can arise from that.
Agreed.
> Then we avoid the lookup in the routing table. But routing already has a
> cache (I don't know how effective) for routes, to avoid doing the lookup
> for each packet. Will this be much faster than the route cache?
> Bringing it down to a lower, dumber layer, we risk that we will somehow
> mess up policy routing, multipath routing and probably some other
> advanced things.
> Another thing is that with L3 switching turned on, the router will start to
> behave a little bit differently than usual, which could confuse the
> administrator...
I'm not thinking about making this an all-or-nothing type of
application. I would rather turn on L3 switching as desired and use the
existing kernel as is for anything else. The intent is not to mess
things up, but to optimize when basic routing will be the predominant task.
> What about NAT and other packet-changing things in iptables (and QoS
> marking and the like)? Stealing the packet before layer 3 processing, we
> avoid these things as well, I think. Hm, this could really become a problem.
> There could be a mechanism for detecting whether a packet is changed in any way, and
> then we would not touch it, but if the box is meant for changing packets,
> then we would have to implement that too or process no packets at all
> ... (you are right, who would use an L3 switch for NAT :) )
This, again, is not a scenario for L3 switching, at least not in its
first incarnation. However, basic NATing would not be difficult to
implement: just alter the source IP like the source MAC is altered.
> ... and you should probably decrement and check the TTL too :)
Agreed.
> I just mentioned a few things that came to my mind that might need to be
> considered. But otherwise I think the idea is very nice. I will try to
> find out more, I just need to find time to read the source ;)
These are all very good points and deserve to be addressed. Thank you
for discussing things; that's exactly what I wanted.
> (disclaimer: I am just a beginner; with my stupid questions I am just
> trying to help your thinking process)
(See my last statement.)
Grant. . . .
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
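The header checks and the TTL handling the two of them go back and forth on above, as an added example that is not part of the thread and not Grant's code: a C fast path that keeps the checks an IPv4 forwarder cannot skip even when it bypasses the kernel's layer 3 (length against the bytes actually held, version, header checksum, TTL), decrements the TTL with an incremental checksum fix, and punts anything carrying IP options back to the full stack. The function names, the verdict enum and the 60-byte sample packet are assumptions made up for this illustration; the sample packet is constructed, not captured.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical verdicts for the fast path (names are this example's, not the kernel's). */
enum fp_verdict {
    FP_FORWARD = 0,       /* header sane, TTL decremented; caller looks up daddr */
    FP_DROP_BAD_HDR,      /* truncated, malformed or corrupted header: drop */
    FP_DROP_TTL_EXPIRED,  /* TTL 0 or 1: drop (the full stack would send ICMP) */
    FP_PUNT               /* IP options present: hand the packet to the kernel */
};

/* RFC 1071 one's-complement sum; yields 0 over a header whose checksum is valid. */
static uint16_t ip_checksum(const uint8_t *hdr, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)hdr[i] << 8) | hdr[i + 1];
    if (len & 1)
        sum += (uint32_t)hdr[len - 1] << 8;
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Recompute and store the header checksum (used only to build test packets). */
static void ip_set_checksum(uint8_t *hdr)
{
    size_t ihl = (hdr[0] & 0x0f) * 4;
    hdr[10] = hdr[11] = 0;
    uint16_t c = ip_checksum(hdr, ihl);
    hdr[10] = (uint8_t)(c >> 8); hdr[11] = (uint8_t)(c & 0xff);
}

/* The checks a forwarding fast path cannot skip, in the order they must run.
 * Works on raw network-order bytes, so it is endianness- and alignment-safe. */
static enum fp_verdict fastpath_ipv4(uint8_t *pkt, size_t pkt_len, uint32_t *daddr_out)
{
    if (pkt_len < 20 || (pkt[0] >> 4) != 4)        /* need a full IPv4 header */
        return FP_DROP_BAD_HDR;
    size_t ihl = (pkt[0] & 0x0f) * 4;
    size_t tot_len = ((size_t)pkt[2] << 8) | pkt[3];
    if (ihl < 20 || ihl > pkt_len || tot_len < ihl || tot_len > pkt_len)
        return FP_DROP_BAD_HDR;                     /* header claims bytes we don't hold */
    if (ip_checksum(pkt, ihl) != 0)                 /* else a corrupted daddr gets routed */
        return FP_DROP_BAD_HDR;
    if (ihl != 20)                                  /* options (e.g. source route) are policy */
        return FP_PUNT;
    if (pkt[8] <= 1)                                /* never forward with TTL reaching 0 */
        return FP_DROP_TTL_EXPIRED;
    pkt[8]--;
    /* TTL is the high byte of header word 4, so decrementing it subtracts 0x0100 from
     * the sum, i.e. adds 0x0100 to the one's-complement checksum (RFC 1141 style). */
    uint32_t c = (((uint32_t)pkt[10] << 8) | pkt[11]) + 0x0100;
    c = (c & 0xffff) + (c >> 16);
    pkt[10] = (uint8_t)(c >> 8); pkt[11] = (uint8_t)(c & 0xff);
    *daddr_out = ((uint32_t)pkt[16] << 24) | ((uint32_t)pkt[17] << 16) |
                 ((uint32_t)pkt[18] << 8) | pkt[19];
    return FP_FORWARD;                              /* caller now does the route lookup */
}

/* Constructed sample: 60-byte TCP/IPv4 packet 172.16.10.99 -> 172.16.10.12, TTL 64,
 * header checksum 0xb1e6, zero payload. Returns the packet length. */
static size_t build_sample_packet(uint8_t *buf, size_t buflen)
{
    static const uint8_t hdr[20] = {
        0x45, 0x00, 0x00, 0x3c, 0x1c, 0x46, 0x40, 0x00, 0x40, 0x06,
        0xb1, 0xe6, 0xac, 0x10, 0x0a, 0x63, 0xac, 0x10, 0x0a, 0x0c };
    if (buflen < 60) return 0;
    memset(buf, 0, 60); memcpy(buf, hdr, 20);
    return 60;
}

/* Runs the scenarios from the thread; returns 0 if every verdict is as expected. */
static int selftest(void)
{
    uint8_t p[60]; uint32_t dst = 0;
    size_t n = build_sample_packet(p, sizeof p);
    if (fastpath_ipv4(p, n, &dst) != FP_FORWARD || p[8] != 63 ||
        ip_checksum(p, 20) != 0 || dst != 0xac100a0cu)
        return 1;                                   /* good packet: forwarded, TTL 63 */
    n = build_sample_packet(p, sizeof p); p[19] ^= 1;
    if (fastpath_ipv4(p, n, &dst) != FP_DROP_BAD_HDR)
        return 2;                                   /* flipped daddr bit, stale checksum */
    n = build_sample_packet(p, sizeof p);
    if (fastpath_ipv4(p, 40, &dst) != FP_DROP_BAD_HDR)
        return 3;                                   /* tot_len 60 but only 40 bytes held */
    n = build_sample_packet(p, sizeof p); p[8] = 1; ip_set_checksum(p);
    if (fastpath_ipv4(p, n, &dst) != FP_DROP_TTL_EXPIRED)
        return 4;
    n = build_sample_packet(p, sizeof p); p[0] = 0x46; ip_set_checksum(p);
    if (fastpath_ipv4(p, n, &dst) != FP_PUNT)
        return 5;                                   /* IHL 6: options present */
    return 0;
}

int main(void)
{
    int rc = selftest();
    printf("selftest: %s\n", rc == 0 ? "all verdicts as expected" : "FAILED");
    return rc;
}
```

The order of the checks is the point: the length check guards every later field access, the checksum check must precede the TTL decrement (otherwise a corrupted header gets "repaired" into a valid one), and anything the fast path does not fully understand is punted rather than guessed at, which is what keeps policy routing, iptables and the rest of the kernel's behaviour intact for those packets.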