Re: [9fans] NAT vs /net

9fans - fans of the OS Plan 9 from Bell Labs
 help / color / mirror / Atom feed

From: presotto@plan9.bell-labs.com
To: 9fans@cse.psu.edu
Subject: Re: [9fans] NAT vs /net
Date: Thu, 25 Jan 2001 21:48:12 -0500	[thread overview]
Message-ID: <20010126024815.3C3A3199F1@mail.cse.psu.edu> (raw)

[-- Attachment #1: Type: text/plain, Size: 814 bytes --]

At its peak there were about 20 people importing our outside interface
to inside machines.  After that we began trusting our path through the
firewall and switched to that in order to push on its harder.

The cost of importing /net is one process on the server machine per
import plus about 5 extra copies of the data due to shoving it trhough
the extra machine plus an extra header per message on the inside net
plus a bunch of context switches you wouldn't need on a nat.

The advantage is no need to worry about embedded addresses since
they would be 'real'.

For a small network, 100 or so machines, I wouldn't bother with
a NAT box and just do the import.  We're building a super-NAT
box for hiding networks the size of Lucent behind a Plan 9
box.  For that, the import surely wouldn't scale.

[-- Attachment #2: Type: message/rfc822, Size: 1452 bytes --]

From: Scott Schwartz <schwartz@bio.cse.psu.edu>
To: 9fans@cse.psu.edu
Subject: [9fans] NAT vs /net
Date: Thu, 25 Jan 2001 21:28:25 -0500
Message-ID: <20010126022825.20068.qmail@g.bio.cse.psu.edu>

On thing I've wondered about is how well importing /net scales.  That
strikes me as an elegant way for folks inside a firewall to talk to the
outside, but with lots of users it means lots of mounts, and running
into limits on number of processes and file descriptors and stuff.
Anyone tested this to destruction?

next             reply	other threads:[~2001-01-26  2:48 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2001-01-26  2:48 presotto [this message]
2001-01-26  5:20 ` Andrey A Mirtchovski
2001-01-26  7:15   ` Boyd Roberts
2001-01-26  7:23     ` Lucio De Re
  -- strict thread matches above, loose matches on Subject: below --
2001-01-26 13:47 presotto
2001-01-26 13:57 ` Boyd Roberts
2001-01-26  2:28 Scott Schwartz

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20010126024815.3C3A3199F1@mail.cse.psu.edu \
    --to=presotto@plan9.bell-labs.com \
    --cc=9fans@cse.psu.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).