Re: Proposal: Separate streams across circuits by destination port or destination host
- To: or-dev@xxxxxxxxxxxxx
- Subject: Re: Proposal: Separate streams across circuits by destination port or destination host
- From: Mansour Moufid <mansourmoufid@xxxxxxxxx>
- Date: Fri, 23 Jul 2010 17:18:33 -0400
On Fri, Jul 23, 2010 at 3:09 PM, Linus Nordberg <linus@xxxxxxxxxxx> wrote:
> 2. >IsolateStreamsByPort will take a list of ports or optionally the
>    >keyword 'All' in place of a port list. The use of the keyword 'All'
>    >will ensure that all connections attached to streams will be
>    >isolated to separate circuits by port number.
>
>    Just to make it clear, would a packet sent to hostA:port1 end up
>    on the same circuit as one sent to hostB:port1?

If I understand correctly, the answer is yes if IsolateStreamsByHost
is set to 'False' (the proposed default).

> 3. If 2 says yes, would this turn into a no if IsolateStreamsByHost was
>    enabled?

Correct. The two options are independent, so if IsolateStreamsByHost
is set to 'True', then it is always true that circuit(hostA:portx) !=
circuit(hostB:porty), regardless of ports x and y (even if x == y).

Now my understanding is that if IsolateStreamsByPort is set to 'All'
and IsolateStreamsByHost is set to 'True', then circuit(h_1, p_1) !=
... != circuit(h_m, p_n) is always true for all permutations of hosts
h in {h_1, ..., h_m} and ports p in {p_1, ..., p_n}.

As the proposal mentions, the number of circuits can grow quickly in
that case (imagine the overhead from Bittorrent), so limiting the
ports list to 22, 80 and such is a good idea, but you might also
consider just turning off IsolateStreamsByHost entirely if certain
limits are reached.

This is an excellent proposal. :)

--
Mansour Moufid
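
The isolation semantics discussed in this message, modelled as an added example (not part of the original post, the proposal text, or Tor's code). The option names come from the thread; treating ports outside the list as sharing one default circuit, and the `host_limit` fallback that switches host isolation off, are assumptions made for illustration.

```python
from itertools import product

ALL = "All"  # keyword the proposal uses in place of a port list


def isolation_key(host, port, by_port=(), by_host=False):
    """Streams with equal keys share a circuit; different keys never do."""
    # Assumption: a port that is not in the IsolateStreamsByPort list is
    # not isolated by port and falls into a shared default bucket (None).
    port_part = port if by_port == ALL or port in by_port else None
    host_part = host if by_host else None
    return (host_part, port_part)


class CircuitMap:
    """Toy model of a client attaching streams to circuits."""

    def __init__(self, by_port=(), by_host=False, host_limit=None):
        self.by_port = by_port        # models IsolateStreamsByPort
        self.by_host = by_host        # models IsolateStreamsByHost
        self.host_limit = host_limit  # hypothetical cap, not in the proposal
        self.circuits = {}            # isolation key -> circuit id

    def attach(self, host, port):
        # Fallback suggested in the message: stop isolating by host once
        # the number of open circuits reaches the limit.
        if (self.by_host and self.host_limit is not None
                and len(self.circuits) >= self.host_limit):
            self.by_host = False
        key = isolation_key(host, port, self.by_port, self.by_host)
        return self.circuits.setdefault(key, len(self.circuits))


def circuits_needed(streams, **options):
    """Count the circuits a sequence of (host, port) streams would open."""
    cmap = CircuitMap(**options)
    for host, port in streams:
        cmap.attach(host, port)
    return len(cmap.circuits)


# Constructed workload: 50 peers, each contacted on two ports.
HOSTS = ["h%d" % i for i in range(50)]
STREAMS = list(product(HOSTS, [6881, 80]))
```

With `by_port=ALL` and `by_host=True` the constructed workload needs one circuit per (host, port) pair, which is the m × n growth the message warns about.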