On 2013-08-15 14:41, Mikael Abrahamsson wrote:
> On Thu, 15 Aug 2013, Jeroen Massar wrote:
>
>> Yes, that is 5 /40s worth of address space and everything is piped
>> into the sixxs interface to a single neighbor that lives on the tapped
>> interface. We thus indeed hit the Linux routing logic a bit, but as
>> the table is small and it is a single neighbor nothing much dynamic
>> happens there. "ip -6 monitor route" is thus nice and silent.
>
> So you're actually not seeing any flow based routing here?
>
> "cat /proc/net/ipv6_route" contains just those routes you see in "ip -6
> r show"?
>
> Because in my linux kernel 3.2 based machines I have a lot more entries
> in "cat /proc/net/ipv6_route" than I have routes.

That is correct. Though on 2.6 you won't see those there from what I
recall, on 3.2 you will indeed see them.

In our case that means that the tunnels are not amongst them (and that
is where the majority of endpoints for us are, hence at minimum half the
table entries), while the uplink (which is a default route) will cause
the packet to go through Linux's kernel and create the same entry over
and over.

We could likely avoid that if we wanted to, by sending the packet
ourselves to the gateway and thus skipping the kernel's routing
completely. As the scaling[2] and performance are already much better
(and we do not have the randomly dropping interfaces[1]), and overhead
is already minimal enough, we did not bother doing that yet.

Greets,
 Jeroen

[1] Linux kernel uses a hashtable that can collide when there are lots
of tunnels; but as we know the address space layout anyway, we do not
have to bother with that.

[2] I recall that the interface table used to/is a linked list...