From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Sun, 16 Nov 2008 06:27:39 +0000
From: Eris Discordia
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Message-ID: <1282469A8843837F996E64E1@[192.168.1.2]>
In-Reply-To:
References: <98CCE297-BE54-4ADA-B57D-DB8FE71060BA@sun.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Subject: Re: [9fans] Do we have a catalog of 9P servers?
Topicbox-Message-UUID: 45c55900-ead4-11e9-9d60-3106f5b1d025

> Plan 9 does need one extra connection per client and a process (or
> two?) to do the export. I think Eris is saying that this makes Plan
> 9's resource requirements grow with the number of hosts behind the
> gateway -- not just with the number of connections through it like
> Linux. You're right, Eris, but I think you're missing the point:
> importing /net gives you all the features you'd want from NAT (and
> some it doesn't give you) without a single line of code specifically
> written to make it happen. It isn't an example of how you can handle
> the most clients with the least hardware. It's an example of how a
> good design can give you features without having to code each one
> individually.

Very well said. This posting summarizes what's been going on:

1. Generality is good.

2. Generality costs.

3. Depending upon circumstances the costs of generality may or may not
   entirely overshadow its benefits.

4. The application should determine choices of software. No solution
   fits all.

5. If you need NAT weigh the options of doing it. It may turn out that
   importing /net is the best choice for your application. Or it may
   turn out otherwise.

/net has a raison d'etre--regular NAT, too.

--On Saturday, November 15, 2008 2:13 PM -0800 Micah Stetson wrote:

>>> I'm unclear as to what "amount of state" iptables needs to keep
>>
>> After you do something like:
>>    # iptables -t nat -A POSTROUTING -p TCP -j MASQUERADE
>> the Linux kernel module called nf_conntrack starts allocating
>> data structures to do its job. I'll leave it up to you to see how much
>> memory gets wasted on each connection. Here's a hint,
>> though: /proc/net/nf_conntrack
>
> I don't think Plan 9 is keeping any less state, is it? As far as the
> gateway is concerned, all of the connections from machines importing
> its /net are the same as connections from local programs. The TCP/IP
> stack has to keep track of those, but Plan 9 doesn't need separate
> connection tracking code for that because it's handled like any other
> connection.
>
> Plan 9 does need one extra connection per client and a process (or
> two?) to do the export. I think Eris is saying that this makes Plan
> 9's resource requirements grow with the number of hosts behind the
> gateway -- not just with the number of connections through it like
> Linux. You're right, Eris, but I think you're missing the point:
> importing /net gives you all the features you'd want from NAT (and
> some it doesn't give you) without a single line of code specifically
> written to make it happen. It isn't an example of how you can handle
> the most clients with the least hardware. It's an example of how a
> good design can give you features without having to code each one
> individually.
>
> Micah
>
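
An added example, not part of the original thread or written by its participants: a small Python parser for lines in the /proc/net/nf_conntrack layout that sets the number of tracked entries (state that grows per connection) beside the number of distinct inside hosts (the quantity the thread says Plan 9's per-client export cost grows with). The sample lines, addresses and function names are constructed for illustration, and the field layout is an assumption based on common Linux kernels.

```python
import re
from collections import Counter

# Constructed sample in the layout of /proc/net/nf_conntrack (not captured data).
# In each entry the first src=/dst= pair is the original direction and the
# second pair is the expected reply direction.
SAMPLE = """\
ipv4     2 tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=198.51.100.7 sport=40001 dport=80 src=198.51.100.7 dst=203.0.113.5 sport=80 dport=40001 [ASSURED] mark=0 zone=0 use=2
ipv4     2 tcp      6 431990 ESTABLISHED src=192.168.1.10 dst=198.51.100.7 sport=40002 dport=443 src=198.51.100.7 dst=203.0.113.5 sport=443 dport=40002 [ASSURED] mark=0 zone=0 use=2
ipv4     2 tcp      6 117 TIME_WAIT src=192.168.1.11 dst=198.51.100.9 sport=51515 dport=22 src=198.51.100.9 dst=203.0.113.5 sport=22 dport=51515 [ASSURED] mark=0 zone=0 use=2
ipv4     2 udp      17 25 src=192.168.1.12 dst=198.51.100.53 sport=5353 dport=53 [UNREPLIED] src=198.51.100.53 dst=203.0.113.5 sport=53 dport=5353 mark=0 zone=0 use=2
this line is not a conntrack entry
"""

ADDR = re.compile(r"\b(src|dst)=(\S+)")


def parse_entry(line):
    """Return (proto, original_src, reply_dst), or None if the line does not parse."""
    fields = line.split()
    pairs = ADDR.findall(line)
    srcs = [value for key, value in pairs if key == "src"]
    dsts = [value for key, value in pairs if key == "dst"]
    if len(fields) < 3 or len(srcs) < 2 or len(dsts) < 2:
        return None
    return fields[2], srcs[0], dsts[1]


def summarize(text):
    """Count tracked entries in total, per inside host, and how many are translated."""
    per_host = Counter()
    translated = 0
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue  # skip anything that is not a well-formed entry
        _proto, orig_src, reply_dst = entry
        per_host[orig_src] += 1
        # Under MASQUERADE the reply is addressed to the gateway, not the inside host.
        if reply_dst != orig_src:
            translated += 1
    return {"entries": sum(per_host.values()), "hosts": len(per_host),
            "translated": translated, "per_host": dict(per_host)}


if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On a real gateway the same function can be fed the contents of /proc/net/nf_conntrack, which normally requires root to read.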