From: Lars Marowsky-Bree <lmb@suse.de>
To: Netdev <netdev@oss.sgi.com>
Cc: Linux Kernel <linux-kernel@vger.kernel.org>
Subject: Re: The ultimate TOE design
Date: Thu, 16 Sep 2004 11:03:28 +0200 [thread overview]
Message-ID: <20040916090328.GO26852@marowsky-bree.de> (raw)
In-Reply-To: <4148991B.9050200@pobox.com>
On 2004-09-15T15:33:47,
Jeff Garzik <jgarzik@pobox.com> said:
> Then, your host system OS will communicate with the Linux kernel running
> on the card across the PCI bus, using IP packets (64K fixed MTU).
>
> This effectively:
Actually, given that there's almost no reason to offload TCP/IP
processing for speed (better spent the money on CPU / memory for the
main system), I like the idea of this for security: Off-load the packet
filtering to create an additional security barrier. (Different CPU
architecture and all that.)
(With two cards, one could even use the conntrack fail-over internally.
- A Linux-running NIC with builtin firewalling, sell to all the windows
weenies... ;)
With dedicated processors, maybe a IP/Sec accelerator would also be
cool, but I'd think a crypto accelerator for the main system would again
be saner here (unless, of course, the argument of the security domain
isolation is applied again).
Admittedely, one can solve all these differently, but it still might be
cool. ;-)
Sincerely,
Lars Marowsky-Brée <lmb@suse.de>
--
High Availability & Clustering
SUSE Labs, Research and Development
SUSE LINUX AG - A Novell company
next prev parent reply other threads:[~2004-09-16 9:03 UTC|newest]
Thread overview: 69+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-09-15 19:33 The ultimate TOE design Jeff Garzik
2004-09-15 20:04 ` Paul Jakma
2004-09-15 19:14 ` Alan Cox
2004-09-15 20:41 ` Jeff Garzik
2004-09-15 21:01 ` David S. Miller
2004-09-15 21:08 ` Jeff Garzik
2004-09-15 21:13 ` David S. Miller
2004-09-15 21:23 ` Jeff Garzik
2004-09-15 21:29 ` David S. Miller
2004-09-15 22:26 ` Jeff Garzik
2004-09-15 23:29 ` Leonid Grossman
2004-09-24 13:07 ` Lennert Buytenhek
2004-09-24 13:21 ` Leonid Grossman
2004-09-24 18:09 ` Lennert Buytenhek
2004-09-24 19:39 ` Joel Jaeggli
2004-09-16 0:57 ` jamal
2004-09-16 5:25 ` Leonid Grossman
2004-09-16 9:29 ` Lincoln Dale
2004-09-16 12:19 ` Alan Cox
2004-09-16 13:33 ` Andi Kleen
2004-09-16 12:57 ` Alan Cox
2004-09-16 22:37 ` Lincoln Dale
2004-09-17 13:38 ` Jörn Engel
2004-09-15 22:31 ` Jeff Garzik
2004-09-15 21:15 ` Michael Richardson
2004-09-15 20:53 ` David S. Miller
2004-09-16 1:05 ` Andrea Arcangeli
2004-09-15 21:10 ` David Lang
2004-09-15 23:05 ` Paul Jakma
2004-09-15 20:26 ` Neil Horman
2004-09-15 21:03 ` Wes Felter
2004-09-15 21:15 ` Jeff Garzik
2004-09-15 21:35 ` Wes Felter
2004-09-15 21:42 ` Jeff Garzik
2004-09-15 21:25 ` Imran Badr
2004-09-16 11:37 ` Neil Horman
2004-09-16 5:51 ` Matt Porter
2004-09-15 21:36 ` Deepak Saxena
2004-09-15 23:03 ` Paul Jakma
2004-09-24 13:11 ` Lennert Buytenhek
2004-09-15 21:59 ` Tony Lee
2004-09-15 20:11 ` David Stevens
2004-09-15 20:16 ` David Schwartz
2004-09-15 20:25 ` Jeff Garzik
2004-09-15 20:54 ` Neil Horman
2004-09-15 20:31 ` Bill Rugolsky Jr.
2004-09-15 21:41 ` Joel Jaeggli
2004-09-16 6:33 ` Valdis.Kletnieks
2004-09-17 6:46 ` Eric Mudama
2004-09-17 14:15 ` Alan Cox
2004-09-17 20:27 ` Valdis.Kletnieks
2004-09-17 20:36 ` David Lang
2004-09-17 23:20 ` Tony Lee
2004-09-17 23:36 ` Leonid Grossman
2004-09-22 23:25 ` Eric Mudama
2004-09-15 21:36 ` John Heffner
2004-09-15 21:46 ` David S. Miller
2004-09-16 6:20 ` Andi Kleen
2004-09-16 13:10 ` Leonid Grossman
2004-09-16 16:18 ` Nivedita Singhvi
2004-09-16 20:34 ` Leonid Grossman
2004-09-22 20:18 ` Nivedita Singhvi
2004-09-23 4:46 ` Leonid Grossman
2004-09-15 23:16 ` James Morris
2004-09-15 23:37 ` Leonid Grossman
2004-09-15 23:52 ` John Heffner
2004-09-16 1:43 ` James Morris
2004-09-16 9:03 ` Lars Marowsky-Bree [this message]
[not found] <1095328673.1063.130.camel@jzny.localdomain>
2004-09-16 14:57 ` Leonid Grossman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040916090328.GO26852@marowsky-bree.de \
--to=lmb@suse.de \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).