Best way for an app to accept traffic on 30,000+ interfaces?

Michael MacLeod mikemacleod at gmail.com
Thu Mar 21 13:08:15 UTC 2013


Ermal is probably on the right track. Working in a load-balanced
environment, I've personally done three contiguous /20 blocks using
three loopback interfaces on Linux hosts. I'd imagine that FreeBSD
should behave similarly. The only fancy thing the load balancer did
was that, for packets destined for one of the VIPs, it would forward the
packet to one of the Linux hosts at layer 2, but wouldn't touch the
layer 3 headers at all, preserving that information. The host would
see the VIP address, and respond from it, because it existed on the
loopback interface. It worked well - you'll have to recreate similar
behaviour in your network. We did entire groups of contiguous /64
blocks in IPv6 in the same way.

On Thu, Mar 21, 2013 at 4:25 AM, Ermal Luçi <eri at freebsd.org> wrote:
> On Thu, Mar 21, 2013 at 1:59 AM, Mark D <markd-freebsd-net at bushwire.net> wrote:
>
>> (Hopefully this isn't too out-of-scope for this list..)
>>
>> I have an application in mind that I'd like to have accept/respond to
>> UDP queries sent to perhaps 30K contiguous IP addresses (most likely
>> IPv6 addresses because such ranges are easy to come by, but
>> conceptually IPv4 as well).
>>
>> This would all be on a small number of FBSD instances.
>>
>> Though it could be done, I don't really want to create 30K interfaces
>> and have the application bind 30K sockets as it's not clear if that
>> will scale if I try an address range that expands to, say, 1M IPs
>> wide.
>>
>> This address range would be internet-facing and responding to random
>> remote clients.
>>
>> My first thought is to use SOCK_RAW in much the same way that natd
>> does - at least to receive the traffic.
>>
>> Is that a sensible and viable approach or is there a better/easier
>> way?
>>
>>
>> Mark.
>> _______________________________________________
>> freebsd-net at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-net
>> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>>
>
>
> How about firing up one of the firewall/pfil(9) consumers like (ipfw/pf)
> and adding rules to redirect traffic to a socket bound on loopback?
>
> --
> Ermal

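Added example, not part of the original thread or any poster's code: one wildcard UDP socket that learns which address each query was sent to (RFC 3542 `IPV6_RECVPKTINFO`) and replies from that same address, so a whole range can be served without one socket per address. It assumes the range is already delivered locally to the host (for instance via the loopback setup described above); the prefix `2001:db8:0:1::/112`, the port and the handler are constructed placeholders.

```python
import ipaddress
import socket
import struct

# struct in6_pktinfo (RFC 3542): 16-byte address, then unsigned int ifindex.
PKTINFO = struct.Struct("@16sI")
SERVED = ipaddress.IPv6Network("2001:db8:0:1::/112")  # constructed example range

def open_wildcard(port):
    """One UDP socket for all local IPv6 addresses, destination info enabled."""
    s = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM)
    s.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_RECVPKTINFO, 1)
    s.bind(("::", port))
    return s

def dst_from_ancdata(ancdata):
    """Address the client sent to, as a string, or None if not reported."""
    for level, ctype, data in ancdata:
        if (level, ctype) == (socket.IPPROTO_IPV6, socket.IPV6_PKTINFO) \
                and len(data) >= PKTINFO.size:
            raw, _ifindex = PKTINFO.unpack(data[:PKTINFO.size])
            return str(ipaddress.IPv6Address(raw))
    return None

def src_ancdata(addr, ifindex=0):
    """Ancillary data telling sendmsg() to use addr as the source address."""
    packed = ipaddress.IPv6Address(addr).packed
    return [(socket.IPPROTO_IPV6, socket.IPV6_PKTINFO,
             PKTINFO.pack(packed, ifindex))]

def reply_source(ancdata, served=SERVED):
    """Source for the reply: the queried address, only if it is in the range."""
    dst = dst_from_ancdata(ancdata)
    if dst is None or ipaddress.IPv6Address(dst) not in served:
        return None  # not ours: drop rather than answer from another address
    return dst

def serve(sock, handler):
    """Answer each query from the address it was sent to."""
    while True:
        data, ancdata, _flags, peer = sock.recvmsg(
            2048, socket.CMSG_SPACE(PKTINFO.size))
        src = reply_source(ancdata)
        if src is not None:
            sock.sendmsg([handler(data, src)], src_ancdata(src), 0, peer)

if __name__ == "__main__":
    # Placeholder port and handler: reply with the address that was queried.
    serve(open_wildcard(9999), lambda data, dst: dst.encode())
```
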
