Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1423788AbWJaSqT (ORCPT ); Tue, 31 Oct 2006 13:46:19 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1423784AbWJaSqS (ORCPT ); Tue, 31 Oct 2006 13:46:18 -0500 Received: from hobbit.corpit.ru ([81.13.94.6]:54109 "EHLO hobbit.corpit.ru") by vger.kernel.org with ESMTP id S1423786AbWJaSqQ (ORCPT ); Tue, 31 Oct 2006 13:46:16 -0500 Message-ID: <454799F3.1020609@tls.msk.ru> Date: Tue, 31 Oct 2006 21:46:11 +0300 From: Michael Tokarev Organization: Telecom Service, JSC User-Agent: Thunderbird 1.5.0.7 (X11/20060915) MIME-Version: 1.0 To: Peter Hicks CC: linux-kernel@vger.kernel.org Subject: Re: Thousands of interfaces References: <20061031092550.GA8201@tufnell.london.poggs.net> In-Reply-To: <20061031092550.GA8201@tufnell.london.poggs.net> X-Enigmail-Version: 0.94.0.0 OpenPGP: id=4F9CF57E Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1499 Lines: 30 Peter Hicks wrote: > All, > > I have a dual 3GHz Xeon machine with a 2.4.21 kernel and thousands (15k+) of > ipip tunnel interfaces. These are being used to tunnel traffic from remote > routers, over a private network, and handed off to a third party. [] > Is there a userspace program which would handle this application better than > using interfaces? Not that it may be suitable for your case because of various reasons (including but not limited to your use of specific - IPIP - type of tunnels, interoperability issues), but take a look at the tinc principles -- http://www.tinc-vpn.org/ . They use single interface (based on tun driver) and a single select-loop-based userspace program. Initially you configure routing to route ALL your peer's traffic to this interface, and next tincd takes care of {dis,re}appearing peers, shortest pathes, {un}reachability of certain networks and so on. I don't know whenever their implementation scales up to 15K+ peers any better than current in-kernel implementation, but I think it's easier to deal with this stuff in userspace anyway. And the principles which are in the base of tinc are very.. interesting and are unique (as far as I know) to it, making this solution ideal for certain setups. /mjt - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/