From: Eris Discordia <eris.discordia@gmail.com>
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Subject: Re: [9fans] Do we have a catalog of 9P servers?
Date: Sat, 15 Nov 2008 11:21:59 +0000 [thread overview]
Message-ID: <DBCC6BB0C82C348357A14A53@[192.168.1.2]> (raw)
> Exactly! An idle TCP connection costs you nothing except the state that
Would you mind reading my response, too, and then informing me of your
opinion?
> Not only that, but if you look at the amount of state something like
> iptables on Linux needs to keep in order to provide NAT capabilities it
> becomes a complete toss.
You seem to be extremely out of the field with respect to what iptables
does and how normal NAT is implemented on a *BSD system (which was my
example). FreeBSD doesn't have iptables at all. Stateful packet filtering
is done by the _optional_ pf loadable kernel module (kld, in *BSD-speak)
specifically created to meet OpenBSD's security requirements and NAT is
done by natd, a tiny daemon. Simpler firewalls are often implemented using
ipfw (now ipfw2).
Iptables provides very sophisticated routing and filtering capabilities.
It's used as a back-end for stateful inspection, packet rewriting, logging,
routing, intrusion detection, and firewalling applications. That's NAT...
plus one million other applications. I'm unclear as to what "amount of
state" iptables needs to keep that makes imported /net a "complete toss"
assuming you can magically make /net provide the same functionality
netfilter does.
Also, neither you nor anyone else have addressed the question of port
forwarding using an imported /net. Now I'm curious: do any of you 9fans
have an internal network behind a gateway that runs Plan 9? In case you do,
I'll be grateful if read about the configuration of your network(s).
--On Friday, November 14, 2008 8:12 PM -0800 Roman Shaposhnik <rvs@sun.com>
wrote:
> On Nov 13, 2008, at 8:55 AM, sqweek wrote:
>>> I understand that if you import a gateway's /net on each computer
>>> in a
>>> rather large internal network you will be consuming a huge amount
>>> of mostly
>>> redundant resources on the gateway. My impression is that each
>>> imported
>>> instance of /net requires a persistent session to be established
>>> between the
>>> gateway and the host on the internal network. NAT in comparison is
>>> naturally
>>> transient.
>>
>> I'm not sure there's as much difference as you make out to be. On the
>> one hand, you have a NAT gateway listening for tcp/ip packets, and on
>> the other hand you have an open tcp/ip connection and a file server
>> waiting for 9p requests. It's not as though 9p is wasting bandwidth
>> chatting away while there's no activity, so the only cost is the
>> tcp/ip connection to each client on the network, which shouldn't
>> qualify as a huge amount of resources.
>
> Exactly! An idle TCP connection costs you nothing except the state that
> is kept by the kernels of the two connected end points. No packets
> ever get generated unless there's an application level payload that
> needs to be transferred. Not only that, but if you look at the amount
> of state something like iptables on Linux needs to keep in order
> to provide NAT capabilities it becomes a complete toss. With Plan9
> as a gateway you're not paying a visible extra premium.
>
> Thanks,
> Roman.
>
next reply other threads:[~2008-11-15 11:21 UTC|newest]
Thread overview: 198+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-11-15 11:21 Eris Discordia [this message]
2008-11-15 13:38 ` Gabriel Diaz Lopez de la Llave
2008-11-15 15:30 ` hiro
2008-11-15 20:01 ` Roman Shaposhnik
2008-11-15 22:13 ` Micah Stetson
2008-11-16 5:47 ` Roman Shaposhnik
2008-11-16 19:36 ` Micah Stetson
2008-11-16 6:27 ` Eris Discordia
[not found] ` <1282469A8843837F996E64E1@192.168.1.2>
2008-11-16 6:57 ` andrey mirtchovski
2008-11-16 11:45 ` Eris Discordia
[not found] ` <D6FDC9E2D78F88C07963DBE5@192.168.1.2>
2008-11-16 12:49 ` hiro
2008-11-16 16:15 ` Eris Discordia
2008-11-16 17:38 ` lucio
2008-11-16 13:25 ` Uriel
2008-11-16 19:46 ` Micah Stetson
2008-11-16 21:24 ` Eris Discordia
2008-11-16 21:52 ` erik quanstrom
2008-11-19 1:59 ` Nathaniel W Filardo
2008-11-20 2:35 ` erik quanstrom
[not found] ` <D0E4FEAEC0D3FD307DE41383@192.168.1.2>
2008-11-17 5:12 ` Micah Stetson
-- strict thread matches above, loose matches on Subject: below --
2008-11-21 0:12 Eris Discordia
2008-11-21 0:42 ` erik quanstrom
2008-11-21 7:57 ` Eris Discordia
2008-11-20 22:28 Eris Discordia
2008-11-20 22:42 ` erik quanstrom
2008-11-20 21:35 Eris Discordia
2008-11-19 18:31 Eris Discordia
2008-11-19 20:08 ` Anant Narayanan
2008-11-20 0:00 ` Eris Discordia
2008-11-20 4:55 ` blstuart
2008-11-20 7:44 ` Eris Discordia
2008-11-20 17:34 ` Brian L. Stuart
2008-11-20 18:30 ` akumar
2008-11-20 18:36 ` erik quanstrom
2008-11-20 19:20 ` Brian L. Stuart
2008-11-17 8:42 Eris Discordia
2008-11-17 7:57 Eris Discordia
2008-11-16 18:30 Eris Discordia
2008-11-16 18:08 Eris Discordia
2008-11-16 17:19 Eris Discordia
2008-11-16 16:58 Eris Discordia
2008-11-16 17:17 ` erik quanstrom
2008-11-16 18:01 ` ron minnich
[not found] <96BA4878DB039F3DAE38CCF2@192.168.1.2>
2008-11-16 15:09 ` sqweek
2008-11-16 17:41 ` Charles Forsyth
2008-11-16 11:39 Eris Discordia
2008-11-16 7:24 Eris Discordia
2008-11-17 10:20 ` Dave Eckhardt
2008-11-17 14:01 ` Eris Discordia
2008-11-17 16:50 ` Dave Eckhardt
2008-11-17 19:45 ` Eris Discordia
[not found] <DBCC6BB0C82C348357A14A53@192.168.1.2>
2008-11-15 11:49 ` Sergey Zhilkin
2008-11-16 4:31 ` Iruata Souza
[not found] <906EC091083FF0C3C35F51A9@192.168.1.2>
2008-11-16 0:15 ` Felipe Bichued
2008-11-15 22:07 Eris Discordia
2008-11-16 5:27 ` Roman Shaposhnik
2008-11-16 6:19 ` Eris Discordia
[not found] <FB6D5E99B294E50B901E8872@192.168.1.2>
2008-11-14 18:21 ` Tom Lieber
2008-11-14 18:59 ` erik quanstrom
2008-11-16 2:45 ` sqweek
2008-11-14 17:29 Eris Discordia
2008-11-14 16:39 Eris Discordia
[not found] <7D122EF9133395AC4DEA0396@192.168.1.2>
2008-11-13 16:55 ` sqweek
2008-11-13 17:28 ` Brian L. Stuart
2008-11-15 4:12 ` Roman Shaposhnik
2008-11-13 14:25 gdiaz
2008-11-14 16:43 ` Eris Discordia
2008-11-14 17:00 ` erik quanstrom
2008-11-12 21:19 Eris Discordia
2008-11-12 23:11 ` erik quanstrom
2008-11-12 23:51 ` Bruce Ellis
2008-11-13 0:35 ` akumar
2008-11-13 11:58 ` Eris Discordia
2008-11-13 14:17 ` erik quanstrom
2008-11-13 16:22 ` Iruata Souza
2008-11-12 19:08 erik quanstrom
2008-11-12 13:23 Eris Discordia
2008-11-12 14:02 ` Charles Forsyth
[not found] <ba5c9f8b914dc6c6d0b4f533d681cda2@quanstro.net>
2008-11-12 5:52 ` sqweek
2008-11-12 5:22 erik quanstrom
[not found] <150a5464b8f389f1eb92ff001f7d391f@quanstro.net>
2008-11-12 5:17 ` sqweek
2008-11-12 4:50 erik quanstrom
2008-11-09 6:12 erik quanstrom
2008-11-09 13:52 ` Bruce Ellis
2008-11-09 20:39 ` C H Forsyth
2008-11-09 21:57 ` Bruce Ellis
2008-11-07 21:51 Roman V. Shaposhnik
2008-11-07 22:31 ` ron minnich
2008-11-07 23:19 ` Charles Forsyth
2008-11-07 23:45 ` Skip Tavakkolian
2008-11-07 23:51 ` ron minnich
2008-11-08 6:16 ` Bruce Ellis
2008-11-08 7:22 ` Lyndon Nerenberg
2008-11-08 3:43 ` Roman V. Shaposhnik
2008-11-08 3:56 ` ron minnich
2008-11-08 4:29 ` Roman Shaposhnik
2008-11-08 11:39 ` erik quanstrom
2008-11-07 22:37 ` Charles Forsyth
2008-11-07 22:38 ` C H Forsyth
2008-11-08 1:45 ` Roman V. Shaposhnik
2008-11-08 11:47 ` erik quanstrom
2008-11-08 12:11 ` Francisco J Ballesteros
2008-11-08 15:58 ` Charles Forsyth
2008-11-08 17:21 ` Skip Tavakkolian
2008-11-08 18:27 ` Brantley Coile
2008-11-08 18:32 ` akumar
2008-11-08 18:44 ` Russ Cox
2008-11-08 23:56 ` LiteStar numnums
2008-11-08 19:15 ` John Barham
2008-11-08 22:16 ` Roman Shaposhnik
2008-11-08 23:11 ` erik quanstrom
2008-11-08 23:37 ` Roman Shaposhnik
2008-11-09 11:26 ` Steve Simon
2008-11-10 5:50 ` Enrico Weigelt
2008-11-10 6:17 ` sqweek
2008-11-10 6:26 ` Enrico Weigelt
2008-11-10 10:00 ` Robert Raschke
2008-11-11 2:40 ` Enrico Weigelt
2008-11-11 2:53 ` sqweek
2008-11-10 22:46 ` Roman V. Shaposhnik
2008-11-10 22:54 ` Roman V. Shaposhnik
2008-11-10 5:26 ` Enrico Weigelt
2008-11-10 5:56 ` Anant Narayanan
2008-11-10 6:18 ` Enrico Weigelt
2008-11-10 12:11 ` Charles Forsyth
[not found] ` <4a3bd2fc8118cd88c5bd56605ba6d4e9@terzarima.net>
2008-11-11 2:23 ` Enrico Weigelt
2008-11-10 6:01 ` Skip Tavakkolian
2008-11-08 23:36 ` Mechiel Lukkien
2008-11-08 22:13 ` Roman Shaposhnik
2008-11-08 22:19 ` Bruce Ellis
2008-11-08 22:59 ` Roman Shaposhnik
2008-11-08 23:11 ` Bruce Ellis
2008-11-08 23:26 ` ron minnich
2008-11-09 1:12 ` Bakul Shah
2008-11-09 5:50 ` Skip Tavakkolian
2008-11-09 20:43 ` C H Forsyth
2008-11-09 22:13 ` Skip Tavakkolian
2008-11-09 22:21 ` Bruce Ellis
2008-11-10 21:56 ` Roman V. Shaposhnik
2008-11-10 22:28 ` Anant Narayanan
2008-11-10 23:38 ` C H Forsyth
2008-11-10 23:45 ` Roman V. Shaposhnik
2008-11-11 0:14 ` Charles Forsyth
2008-11-11 1:00 ` Roman V. Shaposhnik
2008-11-11 1:50 ` Bruce Ellis
2008-11-11 15:37 ` Skip Tavakkolian
2008-11-11 16:02 ` Eric Van Hensbergen
2008-11-11 16:36 ` Skip Tavakkolian
2008-11-11 16:52 ` Eric Van Hensbergen
2008-11-12 2:42 ` sqweek
2008-11-12 3:26 ` Roman Shaposhnik
2008-11-11 19:18 ` Bruce Ellis
2008-11-11 19:55 ` Eric Van Hensbergen
2008-11-11 20:08 ` Bruce Ellis
2008-11-11 16:30 ` Uriel
2008-11-11 16:51 ` ron minnich
2008-11-11 17:01 ` Eric Van Hensbergen
2008-11-11 17:54 ` sqweek
2008-11-11 19:46 ` ron minnich
2008-11-11 20:51 ` erik quanstrom
2008-11-11 22:33 ` Eric Van Hensbergen
2008-11-12 0:32 ` Eris Discordia
[not found] ` <D06FA45F8C3E658AA29EAAFD@192.168.1.2>
2008-11-12 4:40 ` sqweek
2008-11-11 19:54 ` Eric Van Hensbergen
2008-11-12 2:11 ` sqweek
2008-11-12 2:44 ` Eric Van Hensbergen
2008-11-12 3:51 ` Roman Shaposhnik
2008-11-12 14:29 ` Charles Forsyth
2008-11-12 14:48 ` Eric Van Hensbergen
2008-11-12 4:58 ` ron minnich
2008-11-12 5:20 ` Roman Shaposhnik
2008-11-12 17:47 ` ron minnich
2008-11-12 19:00 ` Uriel
2008-11-12 19:13 ` geoff
2008-11-12 19:58 ` Charles Forsyth
2008-11-12 19:55 ` Brantley Coile
2008-11-12 21:08 ` Gorka Guardiola
2008-11-13 16:37 ` Dan Cross
2008-11-14 5:52 ` Roman Shaposhnik
2008-11-14 8:18 ` Steve Simon
2008-11-14 16:35 ` Eric Van Hensbergen
2008-11-20 12:08 ` Dan Cross
2008-11-20 22:57 ` Roman V. Shaposhnik
2008-11-12 19:16 ` ron minnich
2008-11-12 19:31 ` Eric Van Hensbergen
2008-11-12 21:20 ` Roman V. Shaposhnik
2008-11-12 3:40 ` Roman Shaposhnik
2008-11-11 0:19 ` ron minnich
2008-11-11 0:48 ` Eric Van Hensbergen
2008-11-11 6:35 ` Skip Tavakkolian
2008-11-11 2:19 ` Enrico Weigelt
2008-11-11 2:32 ` Lyndon Nerenberg
2008-11-11 6:54 ` Skip Tavakkolian
2008-11-11 8:45 ` Fco. J. Ballesteros
2008-11-11 15:28 ` hiro
2008-11-11 16:25 ` Gorka Guardiola
2008-11-12 1:55 ` Roman V. Shaposhnik
2008-11-12 2:48 ` sqweek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='DBCC6BB0C82C348357A14A53@[192.168.1.2]' \
--to=eris.discordia@gmail.com \
--cc=9fans@9fans.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).