Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Questions about forwarding mode #102

Closed
dotSlashLu opened this issue Sep 26, 2020 · 4 comments
Closed

Questions about forwarding mode #102

dotSlashLu opened this issue Sep 26, 2020 · 4 comments

Comments

@dotSlashLu
Copy link

Hi developers. I have some experience with traditional LVS technology but just started to learn about this library, so please bear with me if my questions are not on the right track.

From the documentation I learned katran's forwarding mode is a bit like LVS' TUN mode, which needs L4 machines to wrap packets to IPIP protocol and requires the L7 have public network reachability. Will tunneling be a huge computational overhead for the L4 machines?

I think in most of deployment scenarios, L7 and L4 are just in the same local network and doesn't need IPIP to work. Why not support something like LVS's

  • DR: L4 -direct routing-> L7 -> Client. Like TUN, but requires L4 and L7 to be L2 reachable and doesn't require tunneling. Or
  • FullNAT: L4 -SNAT-> L7 -> L4 -DNAT-> Client. Doesn't require L2 reachability but packets needs to be returned to L4 to reach client

mode?

What is the design considerations of using tunnel? Thanks.
@yangchi
Copy link
Contributor

yangchi commented Sep 27, 2020

@udippant
Copy link
Contributor

Will tunneling be a huge computational overhead for the L4 machines?

I do not have any numbers to share here. But if you consider just the overhead of tunneling on the L4 machine, it is not that much (e.g. https://github.com/facebookincubator/katran/blob/master/katran/lib/bpf/pckt_encap.h#L41 - bpf_xdp_adjust_head, couple of memcpy and updates to write the additional header).

For #1 - with this you'll need to rely on mechanism such as ARP for routing to the servers, which has its own disadvantages. Tunneling simplifies this overall setup since it provides the L4 layer great control for routing of incoming packets to the servers.

For #2 - this adds another hop to L4 in the response path, which regresses the performance in several ways.

You can read more about the design considerations for Katran at https://engineering.fb.com/open-source/open-sourcing-katran-a-scalable-network-load-balancer/

@dotSlashLu
Copy link
Author

Thanks udippant, the blog post answers a lot of my questions, including choosing XDP over DPDK. Still I think FullNAT is the best fit of our scenario. This library is a great base, I'll try to add FullNAT ability to it.

@tehnerd
Copy link
Contributor

tehnerd commented Sep 29, 2020

@dotSlashLu you will loose all the benefits of DSR with full nat. Frankly speaking I think if you need such feature - go with ipvs as it is already supports it. There is no need for xdp performance. As most likely you are going to be limited by interface capacity (as l4 would see both ingress and egress trqffic)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@udippant @yangchi @dotSlashLu @tehnerd