This article describes the Linux soft routing works, and use the normal PC computer as a hardware device, in the actual network environments tested and discussed the Linux soft routing performance.
Experimental proof that 100 MB Ethernet network environment, Linux soft routed datagram forwarding speed depends on the actual speed of network card, and with the soft routing system for the application-tier services increases. The result is a Linux application soft routing and universal. 0, introduction with open source software development, more and more people begin to understand, use, and on Linux. Currently Linux environment in case of soft routing design and has many; but for the actual network environment Linux soft routing load performance has been measured and lack of relevant discussions. This article from Linux soft routing framework and experimental two-part discussion and conclusions. 1. Netfilter framework Netfilter framework on the Linux operating system with soft routing, Linux2.4 kernel processing a datagram of the operating system. It can do in IPv4, IPv6 and Decnet network stack. Netfilter framework concept and main implementers is RustyRussell. Netfilter framework as shown: Netfilter Figurexxx.Requiresaheading (1) for each network protocol defines a set of hook function, which is an IPv4 defines the following five hook function: [1] NF_IP_PRE_ROUTING. [2] NF_IP_FORWARD NF_IP_LOCAL_IN [3] [4] [5] NF_IP_LOCAL_OUT NF_IP_POST_ROUTING (2) these hook function in Linux kernel module is registered, and hook. When a datagram into the framework of the network layer, the kernel module in the framework of the hook function [1] receiving datagrams, and checks, forward, discarded or indicates the Netfilter datagram through [2] incoming userspace queue. (3) if the datagram is passed to user space, the application tier is asynchronous processing. This layer of user process (LocalProcess) in the datagram for more fine inspect, modify and Assembly, through the hook function [4] put it back on to the network layer. Netfilter framework of datagram stream structure make it greatly reduces the datagram forwarding latency and increases the accuracy of the data reported to the control; in the overhead savings, improve the efficiency of processing the datagram goes beyond the work on the Windows platform for routing software. 2. Netfilter Iptables instruction system if the framework is a datagram line, then we need to control the instruction pipelining, the instruction system in Linux2.4 kernel and above versions are called Iptables. Iptables commands from the table and rules, which directly control the hook function and the Linux kernel module complete datagram filtering, forwarding, and modify the work. (1) datagram filtering (PacketFilter): Iptables in filter tables are responsible for checking the data reported, and in accordance with rules decided to release or discarded datagram, it works in the Netfilter framework LocalProcess. (2) network address translation (NAT: NetworkAddressTranslation): Iptables NAT table in the need to forward the datagram source address and destination address conversion. NAT table is different from the filter table, it only adds a new connection of the first datagram traverses the table, and then the information reported in accordance with the first data reported results for the same conversion processing. This makes the NAT table at the network layer on high-speed forward datagrams. (3) datagram processing (PacketMangling): mangle table in Iptables can implement modifications to the data reported to the information reported to attach or some additional data. With Iptables upgrade, this operation will be more accurate.
No comments:
Post a Comment