On Sat, 12 Oct 2002 04:41:37 -0700 (PDT)
"David S. Miller" <davem@xxxxxxxxxx> wrote:
> From: bert hubert <ahu@xxxxxxx>
> Date: Sat, 12 Oct 2002 13:17:59 +0200
> On Fri, Oct 11, 2002 at 07:41:08PM -0700, David S. Miller wrote:
> > We believe that the whole SPD/SAD mechanism should move
> > eventually to a top-level flow cache shared by ipv4 and
> > ipv6.
> Is this the proposed stacked route system?
> Yes, for output mostly.
> Also the idea Alexey and I have to move towards a small
> efficient flow cache shared by IPv4/IPv6 plays into this
> as well. There are changesets on their way to Linus tonight
> which moves ipv4 over to using ipv6's "struct flowi" from
> include/net/flow.h as the routing lookup key.
> The initial ipsec is intended to be simple, singly linked
> lists for the spd/sad databases etc. Making the feature
> freeze is pretty important right now, full blown flow cache
> is just performance improvement :)
Just a word on this one: I recently came across some heavy performance problem
regarding a setup with about 225 000 routes. It looked as if TCP experienced a
tremendous slowdown to about 50 KBytes/sec throughput, whereas UDP worked
pretty much normal. This was a 2.2.19 kernel with equal-cost-multipath enabled
and large routing-tables enabled.
The reason I am writing this is: please keep in mind situations like this with
several hundred thousands of routes in one box. This is a familiar setup for
the routing guys - and not a "just" case ;-)
Thanks for lending an ear.