Linux IPv6 routing strange behaviour
Jeroen Massar
jeroen at massar.ch
Thu Aug 15 15:09:50 CEST 2013
On 2013-08-15 14:41, Mikael Abrahamsson wrote:
> On Thu, 15 Aug 2013, Jeroen Massar wrote:
>
>> Yes, that is 5 /40s worth of address space and everything is piped
>> into the sixxs interface to a single neighbor that lives on the tapped
>> interface. We thus indeed hit the Linux routing logic a bit, but as
>> the table is small and it is a single neighbor nothing much dynamic
>> happens there. "ip -6 monitor route" is thus nice an silent.
>
> So you're actually not seeing any flow based routing here?
>
> "cat /proc/net/ipv6_route" contains just those routes you see in "ip -6
> r show"?
>
> Because in my linux kernel 3.2 based machines I have a lot more entries
> in "cat /proc/net/ipv6_route" than I have routes.
That is correct. Though on 2.6 you won't see those there from what I
recall, on 3.2 you will indeed see them.
In our case that means that the tunnels are not amongst them (and that
is where the majority of endpoints for us are, hence at minimum half the
table entries), while the uplink (which is a default route) will cause a
the packet to go through Linux's kernel and create the same entry over
and over.
We could likely avoid that if we wanted to, by sending the packet
ourselves to gateway and thus skipping the kernel's routing completely.
As the scaling[2] and performance is already much better (and we do not
have the randomly dropping interfaces[1] , and overhead is already
minimal enough, we did not bother doing that yet.
Greets,
Jeroen
[1] Linux kernel uses a hashtable that can collide when there are lots
of tunnels; but as we know the address space layout anyway, we do not
have to bother with that.
[2] I recall that the interface table used to/is a linked list...
More information about the ipv6-ops
mailing list