julian at elischer.org
Fri Mar 21 11:54:45 PDT 2008
Brett Glass wrote:
> I have recently been building FreeBSD VPN servers which can accept 50 to
> 100 PPTP connections. PPTP is, essentially, PPP over GRE (with a TCP
> control connection), so we have large numbers of packets passing in and
> out using GRE. Unfortunately, GRE on FreeBSD doesn't currently have a
> multiplexing function as does TCP. If userland PPP and pptpd are used to
> handle the PPTP sessions, each GRE packet is passed to the first pptpd
> process. If the call ID doesn't match, it's passed to the next, and then
> the next, and so on. What's more, each test requires a "bounce" into and
> out of the kernel. mpd, which uses netgraph, does more of the work
> within the kernel, but the testing still takes place in linear time --
> and the potential delay increases with the number of PPTP sessions that
> have been established. The packet is bounced from one netgraph node to
> another until one of them accepts it or the packet falls off the end of
> the chain.
> It seems to me that it might be worth it to implement a multiplexing
> function that dispatches the packet directly to the right process or
> netgraph node rather than passing it from hand to hand. Thoughts?
If it takes you more than 1 day to write a netgraph function to do it,
you are taking too many coffee breaks.
mpd could probably do it automatically as it already does a lot of
> --Brett Glass
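Added example, not part of the original thread and not mpd or netgraph code: the direct dispatch Brett describes, as a C sketch that validates the PPTP enhanced GRE header (layout per RFC 2637) and finds the session by hash lookup instead of a linear walk. The table, function names and handles are hypothetical; keying on the peer address together with the call ID goes beyond the post and reflects that call IDs are only unique per peer pair.

```c
#include <stddef.h>
#include <stdint.h>

#define PPTP_GRE_PROTO 0x880B /* enhanced GRE protocol type, RFC 2637 */
#define SLOTS 256             /* power of two, sized for ~100 sessions */
/* Hypothetical session table; handle 0 marks an empty slot. */
struct sess { uint32_t peer; uint16_t call_id; int handle; };
static struct sess table[SLOTS];

static unsigned slot_of(uint32_t peer, uint16_t id) {
    return ((peer * 2654435761u) ^ (id * 40503u)) & (SLOTS - 1);
}

/* Insert with linear probing (no deletion here). 0 on success, -1 if full. */
int pptp_register(uint32_t peer, uint16_t id, int handle) {
    unsigned s = slot_of(peer, id);
    for (unsigned i = 0; i < SLOTS; i++, s = (s + 1) & (SLOTS - 1))
        if (table[s].handle == 0) {
            table[s] = (struct sess){ peer, id, handle };
            return 0;
        }
    return -1;
}

/* Returns the session handle (>0), 0 if no session matches, -1 if malformed. */
int pptp_demux(uint32_t peer, const uint8_t *p, size_t len) {
    if (len < 8) return -1;
    if ((p[0] & 0xEF) != 0x20) return -1;       /* K=1; C, R, s, Recur = 0 */
    if ((p[1] & 0x7F) != 0x01) return -1;       /* Flags = 0, Ver = 1 */
    if (((p[2] << 8) | p[3]) != PPTP_GRE_PROTO) return -1;
    size_t hdr = 8 + ((p[0] & 0x10) ? 4 : 0)    /* S: sequence number present */
                   + ((p[1] & 0x80) ? 4 : 0);   /* A: acknowledgment present */
    size_t paylen = ((size_t)p[4] << 8) | p[5];
    if (len < hdr + paylen) return -1;          /* truncated packet */
    uint16_t id = (uint16_t)((p[6] << 8) | p[7]);
    unsigned s = slot_of(peer, id);
    for (unsigned i = 0; i < SLOTS; i++, s = (s + 1) & (SLOTS - 1)) {
        if (table[s].handle == 0) return 0;     /* empty slot ends the probe */
        if (table[s].peer == peer && table[s].call_id == id) return table[s].handle;
    }
    return 0;
}

int main(void) {
    /* Constructed packet: K|S set, Ver 1, 1-byte payload, call ID 0x1234. */
    uint8_t pkt[] = {0x30,0x01,0x88,0x0B,0x00,0x01,0x12,0x34,0,0,0,1,0xFF};
    pptp_register(0x0A000001u, 0x1234, 7);
    return pptp_demux(0x0A000001u, pkt, sizeof pkt) == 7 ? 0 : 1;
}
```

Packets that fail the header checks or match no registered (peer, call ID) pair are rejected in one step rather than being offered to every session in turn.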