[9fans] Re: NAT

[9fans] Re: NAT

[Richard C Bilson]

Ah.  I found the paper by ehg and ynl.  Nice, but I don't have any
spare network processors lying around.  Of course, I wouldn't actually
need them to do the simple/low volume stuff that I want to do.

Re: [9fans] Re: NAT

[Eric Grosse]

Richard C Bilson <rcbilson@plg2.math.uwaterloo.ca> wrote:
> Ah.  I found the paper by ehg and ynl.  Nice, but I don't have any
> spare network processors lying around.  Of course, I wouldn't actually
> need them to do the simple/low volume stuff that I want to do.
IEEE Network, July/August 2003, 17:4,35-39

We also did it in Plan 9 on a simple PC, for comparison and to get
the code right before diving into IXP1200 assembler.   As far as
Plan 9 experience is concerned, the nice part was how easily IPv6
went in.  NAT itself is pretty straightforward on any OS.

The Lucent Firewall product runs (a mix of Inferno and) Plan 9.

> Any source available?
Because of the commercial products, we decided not to polish our
NAT implementation and put it into the standard distribution.
With decent home NAT devices available for $50 or less, it
hardly seemed worth the extra effort.

Eric

Re: [9fans] Re: NAT

[boyd, rounin]

> sometime back there was a mail that said NAT and firewall code will be
> integrated to Plan 9 kernel. i was wondering whether it is really a good
> idea to put NAT/firewall code into the OS.

no it isn't.  bugs will kill you dead.

if it's in user mode the problem can be contained and a lot easier to
code/run/test.  no root on plan 9 :)

Re: [9fans] Re: NAT

[vdharani]

> Richard C Bilson <rcbilson@plg2.math.uwaterloo.ca> wrote:
>> Ah.  I found the paper by ehg and ynl.  Nice, but I don't have any
>> spare network processors lying around.  Of course, I wouldn't actually
>> need them to do the simple/low volume stuff that I want to do.
> IEEE Network, July/August 2003, 17:4,35-39
>
> We also did it in Plan 9 on a simple PC, for comparison and to get the
> code right before diving into IXP1200 assembler.   As far as
> Plan 9 experience is concerned, the nice part was how easily IPv6
> went in.  NAT itself is pretty straightforward on any OS.
>
> The Lucent Firewall product runs (a mix of Inferno and) Plan 9.
>
>> Any source available?
> Because of the commercial products, we decided not to polish our
> NAT implementation and put it into the standard distribution.
> With decent home NAT devices available for $50 or less, it
> hardly seemed worth the extra effort.

sometime back there was a mail that said NAT and firewall code will be
integrated to Plan 9 kernel. i was wondering whether it is really a good
idea to put NAT/firewall code into the OS. i think it is better to seperate
NAT/firewall code from the kernel (unlike linux, FreeBSD, Win, etc). At
times, it may look really needed (like a standalone box connected to an ISP
network directly), but i think at best we can have it as a user-level
application to meet these scenarios. Just my opinion.

Thanks
dharani

Re: [9fans] Re: NAT

[David Presotto]

[-- Attachment #1: Type: text/plain, Size: 95 bytes --]

There's an inferno firewall.  Ehg and ynl did a NAT but I don't know
what the status of it is.

[-- Attachment #2: Type: message/rfc822, Size: 2431 bytes --]

From: "boyd, rounin" <boyd@insultant.net>
To: <9fans@cse.psu.edu>
Subject: Re: [9fans] Re: NAT
Date: Tue, 30 Sep 2003 22:16:56 +0200
Message-ID: <037f01c3878f$d7fc11c0$b9844051@insultant.net>

> sometime back there was a mail that said NAT and firewall code will be
> integrated to Plan 9 kernel. i was wondering whether it is really a good
> idea to put NAT/firewall code into the OS.

no it isn't.  bugs will kill you dead.

if it's in user mode the problem can be contained and a lot easier to
code/run/test.  no root on plan 9 :)