NAT 4 Linux (project)

Michael Hasenstein (mhasenst@peoplesoft.com)
Fri, 21 Aug 1998 11:55:26 -0700


1st, I'm not talking about the masquerading code in current kernels.
That's just ONE kind of NAT, there are many others. See URL.

To put the question and the reason why I send this at the beginning, I'd
like to gather opinions to find out if it's worth continuing a project
that had started about 1 1/2 years ago.

About a year ago I had put some code on the web, at
http://www.csn.tu-chemnitz.de/HyperNews/get/linux-ip-nat.html

Right now ~55 people have registered with the HyperNews server to be
informed of new articles automatically (autom. builtin feature of the
excellent HyperNews). That's a lot for such a specific topic, I think.
On the other hand, only one person registered for a mailing list I have
just set up. Hot and cold, that's how I feel about NAT. Sometimes I get
lots of positive input, and just when I start getting interested again
and thinking about writing new code, the opposite feeling takes over,
that nobody's interested.

I just had a job offer from Xoom (www.xoom.com), for consulting services
or even full time. I mention it because they had an interesting problem:
They host ~2.5 million homepages -> they need bandwidth. They saw my
virtual server test implementation and thought a modified and stable
version of it could be used for their purposes. They wanted to have a
setup, where a NAT router distributes HTTP requests to different
(physical) web servers based on the user id of whose homepage is
requested, e.g. http://www.blabla.com/a-user/ starts with 'a' (a-user)
-> to server for homepages of users with 'a...'.
There were some additional points about bandwidth and cabling, why they
wanted to separate the requests like this. Major problem was, that this
went far beyond what I had already done, because my virt. server stuff
only works on IP level, and it doesn't keep track of connections at all.
For this to work I would have to go TCP level, and even start TCP talk,
because the URL that is needed to decide which server to send the
request to doesn't come in the first packet of the connection.
(Why not on user level, which is easy: because lots of context switches
kernel/user are unacceptable for a high performance project. Don't tell
me it's dirty, this is how it's done by all commercial implementations,
otherwise they'd be too slow. You can't do fast routing in user mode!
And routing it is.)

For explanations what my NAT does see the URL above. The project started
out with several people, one of them Jos Vos, original author of Linux'
firewall code and ipfwadm. I was the only one who wrote code after the
initial lengthy and very valuable discussions, however ;-)
I have a (IMHO very good) paper about NAT in general at the above URL.

PLEASE respond via private mail to me (and to the list, up to you),
because I haven't subscribed to this list. The traffic is too crazy, and
my web-mail account has a 3MB mailbox limit.

TIA MH

--
Michael Hasenstein; Siemens Nixdorf (Consultant)
currently @Oracle, California (09/07/1997 - 06/12/1998)
          @PeopleSoft, California (June 98 - ???)
http://www.csn.tu-chemnitz.de/~mha/
Private Pilot (ASEL) since 1998
