Re: RDMA will be reverted
From: Andy Gay <hidden>
Date: 2006-07-04 23:48:38
On Wed, 2006-07-05 at 01:01 +0200, Andi Kleen wrote:
quoted
My point wasn't really about performance here, more that systems needing this level of performance (server farm is just an example) will probably be on an 'inside' network with firewalling being done elsewhere (at the access layer, to use the Cisco paradigm). It's just not good design to attach such systems directly to an untrusted network, IMHO. So these systems just don't need netfilter capabilities.Don't think of the highend. It is exotic and rare.
Sure. But isn't the high end exactly where these new technologies are intended to fit?
Think of the ordinary single linux box somewhere at a rackspace provider which represents the majority of Linux boxes around.
How many of those need 10G nics?
With a not too skilled admin who mostly uses the default settings of his configuration. For that running firewalling on the same box makes a lot of sense.
Yup. I run a few of those. And I run firewalls on them. But they're on 1.5M T1 pipes at best. I probably fit into your 'not too skilled' category, too :)
Normally it is not that loaded and it doesn't matter much how it performs, but it might be occasionally slashdotted and then it should still hold up. BTW basic firewalling is not really that bad as long as you don't have too many rules. Mostly conntrack is painful right now. I'm sure at some point it will be fixed too.
Actually, I wasn't aware of any pain with conntrack, it works great for me. But like I said, I don't run any real high speed connections. We're focusing on netfilter here. Is breaking netfilter really the only issue with this stuff? I know you mentioned some other concerns (about TOE specifically), they were really scalability things though weren't they - like you're not convinced this really solves any performance issues long term. I'm certainly not qualified to discuss that, hopefully some of the others will weigh in here.
-Andi - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html