On Thursday 04 September 2003 08:23, Dan Merillat wrote:

> > I would actually hope that provided the other private nodes are actually
> > used directly, they would start to accumulate data and fit themselves
> > into their own specialised areas. Once they all had a reasonable amount
> > of data in them, they would, hopefully, start cooperating and passing
> > data without having to go outside to fetch it.
>
> Somewhat, yes.  Not optimally.

Last time I brought up a similar point, Matthew's response was somewhat along 
the lines of that it would work out reasonably optimally because nodes would 
have different specialisations, but that he could be persuaded otherwise by 
some empirical evidence. I don't know if this view has changed since then.

> > > About the only thing you really should do is patch the supernode to
> > > ALWAYS reset datasource so your internal addy's don't pollute the
> > > global namespace.
> >
> > I don't think that would happen anyway. From what I understand from
> > Matthew's previous post, private IP addresses get automatically ignored
> > by default anyway, unless an option in the config file is set.
>
> Yes, but if the gateway ALWAYS resets datasource, to the outside world
> it looks like a 'supernode' with all the data of all the internal nodes.
> Same with the inverse.

I understand that. However, unless the border node is heavily CPU bound, that 
would probably be slower in the long term than having one really big border 
node and no internal nodes - from the view of the outside, that is. Or am I 
wrong here? Is proxying a request faster/less intensive than serving? I 
wouldn't have thought so...

> Without that, you get 10.x noderefs polluting the table then get
> dropped, so any data stored on internal nodes goes to /dev/null.

Yes, but the outside nodes should drop the 10.x routes automatically anyway, 
as far as I understand.

> > Stopping outward connections is not a problem, any half-decent firewall
> > solution can do that.
>
> Only if you turn off the internet.  Random port->Random port.  You can't
> block freenet without blocking everything but www.  It depends on what
> kind of system you're running.  Here, we have NAT to keep windows boxes
> from being directly on the internet, but there's no restrictions on what
> they can connect out to.

Ideally, you'd block everything outgoing as well, then only enable 
specifically the ports you want.

> > > Matthew: How can they keep their internal nodes from being "polluted"
> > > with external noderefs?
> >
> > Is that really necessary? Surely, the pollution will not have any real
> > effect because the nodes will quickly learn that they cannot route to
> > those nodes. More to the point, the nodes other than the border node
> > don't have to have a default route out of the network, thus IP will RNF
> > before things get any further.
>
> Again, it's a waste because without a valid reference, data gets lost.

But will it really break things that badly? Surely, the nodes will quickly 
learn to route to the border node(s) instead of trying to route further in. 
In fact, they won't even bother routing further in because the references 
will have private IP addresses on them which will get dropped before making 
it into the routing table in the first place. Or am I wrong here?

Gordan
_______________________________________________
Devl mailing list
[EMAIL PROTECTED]
http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/devl
