Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Sun, 8 Dec 2002 10:55:56 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Sun, 8 Dec 2002 10:55:56 -0500 Received: from mail.ithnet.com ([217.64.64.8]:28170 "HELO heather.ithnet.com") by vger.kernel.org with SMTP id ; Sun, 8 Dec 2002 10:55:55 -0500 Date: Sun, 8 Dec 2002 17:03:36 +0100 From: Stephan von Krawczynski To: Roberto Nibali Cc: willy@w.ods.org, linux-kernel@vger.kernel.org Subject: Re: hidden interface (ARP) 2.4.20 Message-Id: <20021208170336.5f4deaf1.skraw@ithnet.com> In-Reply-To: <3DF2848F.2010900@drugphish.ch> References: <1039124530.18881.0.camel@rth.ninka.net> <20021205140349.A5998@ns1.theoesters.com> <3DEFD845.1000600@drugphish.ch> <20021205154822.A6762@ns1.theoesters.com> <3DF2848F.2010900@drugphish.ch> Organization: ith Kommunikationstechnik GmbH X-Mailer: Sylpheed version 0.8.6 (GTK+ 1.2.10; i686-pc-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1625 Lines: 39 On Sun, 08 Dec 2002 00:30:23 +0100 Roberto Nibali wrote: > Hello, > > [Maybe we should discuss this in private, it doesn't have a lot to do > with kernel development anymore.] To be honest: I think this _is_ indeed a kernel development issue. We are somehow talking of a performance lack that can be overcome by a simple patch (call it hack) and some brain. > > Because when you have to deal with thousands of session per second, NAT is > > really a pain in the ass. When you have to consider security, NAT is a pain > > Not with a HW LB, and with a SW LB (LVS-NAT) you can very well sustain > 20000 NAT'd load balanced connections with 5 minutes of stickyness > (persistency) with 1GB RAM and a PIII Tualatin with 512 kb L2 cache. I'm > not sure if you meant this when mentioning pain. I guess he probably meant a _bit_ more. I may add some zeros to your 20000 to give you a glimpse of a _standard_ load we are talking about. And you can easily do this with the hardware you mentioned _not_ using NAT (of course ;-). I guess it would really be a great help if someone did tests like Cons' "overall performance" ones for network performance explicitly. Like e.g. performance for various packet-sizes of all available protocol types, possibly including NAT connections. We have no comparable figures at hand right now, I guess. -- Regards, Stephan - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/