From mboxrd@z Thu Jan 1 00:00:00 1970 From: presotto@plan9.bell-labs.com To: 9fans@cse.psu.edu Subject: Re: [9fans] NAT vs /net MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="upas-attpyvlbsizksesdrqslprurar" Message-Id: <20010126024815.3C3A3199F1@mail.cse.psu.edu> Date: Thu, 25 Jan 2001 21:48:12 -0500 Topicbox-Message-UUID: 520b7c22-eac9-11e9-9e20-41e7f4b1d025 This is a multi-part message in MIME format. --upas-attpyvlbsizksesdrqslprurar Content-Disposition: inline Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit At its peak there were about 20 people importing our outside interface to inside machines. After that we began trusting our path through the firewall and switched to that in order to push on its harder. The cost of importing /net is one process on the server machine per import plus about 5 extra copies of the data due to shoving it trhough the extra machine plus an extra header per message on the inside net plus a bunch of context switches you wouldn't need on a nat. The advantage is no need to worry about embedded addresses since they would be 'real'. For a small network, 100 or so machines, I wouldn't bother with a NAT box and just do the import. We're building a super-NAT box for hiding networks the size of Lucent behind a Plan 9 box. For that, the import surely wouldn't scale. --upas-attpyvlbsizksesdrqslprurar Content-Type: message/rfc822 Content-Disposition: inline Received: from plan9.cs.bell-labs.com ([135.104.9.2]) by plan9; Thu Jan 25 21:29:26 EST 2001 Received: from mail.cse.psu.edu ([130.203.4.6]) by plan9; Thu Jan 25 21:29:24 EST 2001 Received: from psuvax1.cse.psu.edu (psuvax1.cse.psu.edu [130.203.18.6]) by mail.cse.psu.edu (CSE Mail Server) with ESMTP id CDDA119A04; Thu, 25 Jan 2001 21:29:12 -0500 (EST) Received: from bio.cse.psu.edu (galapagos.cse.psu.edu [130.203.12.17]) by mail.cse.psu.edu (CSE Mail Server) with SMTP id 0A238199F1 for <9fans@cse.psu.edu>; Thu, 25 Jan 2001 21:28:26 -0500 (EST) Received: (qmail 20070 invoked by uid 991); 26 Jan 2001 02:28:25 -0000 Message-ID: <20010126022825.20068.qmail@g.bio.cse.psu.edu> To: 9fans@cse.psu.edu From: Scott Schwartz Subject: [9fans] NAT vs /net Sender: 9fans-admin@cse.psu.edu Errors-To: 9fans-admin@cse.psu.edu X-BeenThere: 9fans@cse.psu.edu X-Mailman-Version: 2.0.1 Precedence: bulk Reply-To: 9fans@cse.psu.edu List-Id: Fans of the OS Plan 9 from Bell Labs <9fans.cse.psu.edu> List-Archive: Date: Thu, 25 Jan 2001 21:28:25 -0500 On thing I've wondered about is how well importing /net scales. That strikes me as an elegant way for folks inside a firewall to talk to the outside, but with lots of users it means lots of mounts, and running into limits on number of processes and file descriptors and stuff. Anyone tested this to destruction? --upas-attpyvlbsizksesdrqslprurar--