Re: Regarding offloading IPv6 addrconf and ndisc

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Jamal Hadi Salim <hadi@cyberus.ca>
To: Roland Dreier <rdreier@cisco.com>
Cc: David Miller <davem@davemloft.net>,
	ak@suse.de, herbert@gondor.apana.org.au, kazunori@miyazawa.org,
	yoshfuji@linux-ipv6.org, netdev@vger.kernel.org,
	usagi-core@linux-ipv6.org
Subject: Re: Regarding offloading IPv6 addrconf and ndisc
Date: Mon, 31 Jul 2006 21:24:27 -0400	[thread overview]
Message-ID: <1154395467.5170.31.camel@jzny2> (raw)
In-Reply-To: <ada7j1t700x.fsf@cisco.com>

On Mon, 2006-31-07 at 17:49 -0700, Roland Dreier wrote:
>     David> Why is this a relevant analogy?  Well, you have physical
>     David> hard-disks in your computer today, but at some point that
>     David> device becomes largely superfluous.  It makes more sense to
>     David> have just a cpu with a 10-gigabit ethernet interface
>     David> incorporated onto the cpu die, and the majority if not all
>     David> of your disk access is remote.
> 
> Isn't most of the iSCSI control plane in userspace right now?

I know iscsi is supposed to integrate with ipsec as well (and SLP for
discovery) - does that happen in user space as well?

Dave (I am under heavy flu dose, so I may be incoherent;->) but heres a
devils advocate bit for you:
TCP FIN/SYN are just control packets - so move the connection
setup/teardown out to user space;->. You can then add all sorts of funky
DOS detection/prevention schemes as needed - makes it easy to experiment with. 
Actually move the slow path as well, SACK processing etc (i know it is in process
context today, but thats in the kernel). Just leave VJs fast path in the
kernel. Extend the user space bit to be the new VJ (channels stuff but
just for control) - asynch notification to carry the control/slow path
packets to user space.

In regards to ARP/NDISC being in user space: note people are talking
about secure DHCP or some form of initial pre-layer2 addressing over EAP
or something along those lines; i.e if you are not securely validated at
the L2 level you are not even getting an IP address. 

In regards to reliability: The thing that really fscks people using
daemons from what i have seen is the oom killer policies and the lack of
correlation by apps. I just watched quagga die horribly on a 256M
machine on friday once we hit around 100K routes and a lot of route
cache hits. So apps like that may need a total rewrite. I am not looking
forward to trying to get racoon to do 50K SAs and 100K SPDs on the same
machine ;->

I think I like what Hugo is saying ;-> I just hope he has time and
resources to produce code. 

cheers,
jamal

next prev parent reply	other threads:[~2006-08-01  1:24 UTC|newest]

Thread overview: 32+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-07-27 11:25 Regarding offloading IPv6 addrconf and ndisc Hugo Santos
2006-07-27 12:25 ` Kazunori Miyazawa
2006-07-27 17:56   ` Hugo Santos
2006-07-27 23:56   ` Herbert Xu
2006-07-28  1:34     ` David Miller
2006-07-28  1:45       ` Hugo Santos
2006-07-28  2:27         ` David Miller
2006-07-28  3:13           ` Hugo Santos
2006-07-28  3:20             ` David Miller
2006-07-28  3:31               ` Hugo Santos
2006-07-28  4:07                 ` Stephen Hemminger
2006-07-28  8:34                   ` Hugo Santos
2006-07-28 12:45                     ` Jamal Hadi Salim
2006-07-29 13:34                       ` Hugo Santos
2006-07-30  3:28                         ` Kazunori Miyazawa
2006-07-30 11:30                           ` Hugo Santos
2006-07-31 21:23                             ` David Miller
2006-08-01 11:50                               ` Hugo Santos
2006-08-01 21:54                                 ` David Miller
2006-08-01  0:16                             ` Kazunori Miyazawa
2006-07-28  2:22       ` Herbert Xu
2006-07-28  2:33         ` David Miller
2006-08-01  0:31       ` Andi Kleen
2006-08-01  0:46         ` David Miller
2006-08-01  0:49           ` Roland Dreier
2006-08-01  1:24             ` Jamal Hadi Salim [this message]
2006-08-01  1:30               ` Herbert Xu
2006-08-01  1:47                 ` Jamal Hadi Salim
2006-08-01 12:13                   ` Hugo Santos
2006-08-01 12:00           ` Hugo Santos
2006-08-01 21:57             ` David Miller
2006-08-03 13:28               ` Ingo Oeser

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1154395467.5170.31.camel@jzny2 \
    --to=hadi@cyberus.ca \
    --cc=ak@suse.de \
    --cc=davem@davemloft.net \
    --cc=herbert@gondor.apana.org.au \
    --cc=kazunori@miyazawa.org \
    --cc=netdev@vger.kernel.org \
    --cc=rdreier@cisco.com \
    --cc=usagi-core@linux-ipv6.org \
    --cc=yoshfuji@linux-ipv6.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).