[lug] 3 Port Linux router

Nate Duehr nate at natetech.com
Wed Jun 13 14:49:55 MDT 2001


Just some quick thoughts here.

I assume you mean you MASQ'ed stuff and ALSO had to enable IP Forwarding
by echoing a '1' into /proc/sys/net/ipv4/ip_forward?  They are two
different things, and I think I'm just confused by your wording.  No
biggie.  Glad it's working.

If you rebuild the kernel custom for that machine you can enable
ip_forward by default if you like.  Just a nicety if you like the idea.

As far as speed goes, check out the latest USENIX ;login magazine for
some very disheartening real-world testing done by Oracle and shared
with the Linux 2.5 Kernel hackers at their recent conference.

- Performance numbers for Linux in general for network stuff were very low
compared to FreeBSD (FreeBSD 77 kilopackets/sec, Linux 25 kpps.)
- SCSI support in SMP 2.4 kernels appears to have been very broken
(10 to 15 TIMES slowdowns vs. SCSI on a 2.2 SMP kernel -- something VERY
wrong there...)
- Linux trying to sort disk writes at the kernel level instead of letting
the hardware controllers do the job seems to hurt disk write performance as
well.

I can bear some of this out from experience -- our OpenBSD machines currently
smoke Linux for anything requiring huge amounts of network traffic.

That mixed with OpenBSD's (and Theo's) hard-assed nature on security
makes OpenBSD a better platform for business use if the hardware's
supported and the apps you want have been ported.  

(Of course, no SMP at all on OpenBSD right now...)

Hopefully the 2.5 Kernel folks were listening...

I still love Linux, but in many ways the next couple of years will show
whether or not it "grows up" a little bit as far as performance issues
go...

On Wed, Jun 13, 2001 at 11:26:44AM -0600, Applegate,Kris wrote:
> Looks like we got it working. We MASQ'd the eth0 interface and added
> routes between eth1 and eth2. Works like a charm now. In lieu of
> rebuilding the kernel we are just echoing the setting into
> /proc/sys/net/ipv4/ip_forward. Pretty fast too, that Intel dual ethernet
> NIC hauls. It was also fun to go to the IS guys and tell them that we
> didn't need to borrow their $65000 Cisco 7206 anymore because we had
> something just as good and it cost us only $600.
> 
> --------------------------------------
> Kristopher Applegate
> 
> 
> 
> -----Original Message-----
> From: Sean Reifschneider [mailto:jafo at tummy.com]
> Sent: Tuesday, June 12, 2001 7:47 PM
> To: lug at lug.boulder.co.us
> Cc: Smith,Bill
> Subject: Re: [lug] 3 Port Linux router
> 
> 
> On Tue, Jun 12, 2001 at 04:47:26PM -0600, Applegate,Kris wrote:
> >We have been able to establish routes between all the networks just
> >fine. However, when we try to hit the internet via eth1 or eth2 we get
> 
> You have set up masquerading/NAT on the router machine for traffic which
> is destined for the public net?  Try using tcpdump to see what's getting
> shipped out to the public net.
> 
> Sean
> -- 
>  It's not a recursive function except in the sense that it calls itself.
>                  -- demoncrat on #python, 1999
> Sean Reifschneider, Inimitably Superfluous <jafo at tummy.com>
> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug

-- 
Nate Duehr <nate at natetech.com>

GPG Key fingerprint = DCAF 2B9D CC9B 96FA 7A6D AAF4 2D61 77C5 7ECE C1D2
Public Key available upon request, or at wwwkeys.pgp.net and others.
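
The thread treats kernel IP forwarding and masquerading as two separate settings, and a NAT router needs both. The script below is an added example, not part of the original messages; it assumes the rules are available in iptables-save format and that eth0 is the public interface, and all function names are hypothetical.

```shell
#!/bin/sh
# Added example: report the two independent settings a masquerading router needs.
# Assumptions: rules are an iptables-save dump; file paths are passed in so
# the checks can also be run against saved copies from another machine.

# forwarding_enabled FILE: true if FILE (normally
# /proc/sys/net/ipv4/ip_forward) contains 1.
forwarding_enabled() {
    [ -r "$1" ] && [ "$(tr -d '[:space:]' < "$1")" = "1" ]
}

# has_masquerade RULES_FILE OUT_IF: true if the nat table holds a
# POSTROUTING rule that masquerades traffic leaving OUT_IF.
has_masquerade() {
    awk -v ifc="$2" '
        /^\*/ { table = substr($0, 2) }          # "*nat", "*filter", ...
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" {
            out = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-o") out = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (out == ifc && target == "MASQUERADE") found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# router_state FORWARD_FILE RULES_FILE OUT_IF: one-line summary of both.
router_state() {
    fwd=off; nat=off
    forwarding_enabled "$1" && fwd=on
    has_masquerade "$2" "$3" && nat=on
    echo "forward=$fwd masquerade=$nat"
}

# Constructed sample: forwarding is on, but the only nat rule is for eth1,
# so internal hosts route to each other yet reach the public net un-NATed.
demo() {
    d=$(mktemp -d)
    echo 1 > "$d/ip_forward"
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
        '-A POSTROUTING -o eth1 -j MASQUERADE' 'COMMIT' > "$d/rules"
    router_state "$d/ip_forward" "$d/rules" eth0
    rm -rf "$d"
}
demo
```

On a live router, the inputs would be /proc/sys/net/ipv4/ip_forward and a file produced by iptables-save.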


