ferryproxy/ferry

some design questions

Closed this issue · 10 comments

hi, I've also been studying multi-cluster networks recently, I've seen ferry and it seems like it builds a tunnel every time it connects to an svc, why not use tun2SOCKs, like kt-connect, he only seems to build one channel.

Hi @duanmengkk,
Thanks for opening an issue!
We will look into it as soon as possible.

Details

Instructions for interacting with me using comments are available here.
If you have questions or suggestions related to my behavior, please file an issue against the gh-ci-bot repository.

Tun just forwards packets on the L2 network, and socks goes back to using multiple tcp connections, which doesn't save any resources, so I think you might need https://submariner.io/.

In fact, kt-connect uses the ssh protocol as a proxy for connections, which relies on the connection multiplexing capabilities of ssh, and works on a single tcp regardless of the number of connections, ferry also uses the same ssh.

Here's a discussion between me and the author wzshiming/socks5#3

I was actually going to add tun support to the user terminal, but I haven't had time to do it lately,
and was going to use the new tun package I made to replace tun2socks, improving it as I went along. 😄 https://github.com/wzshiming/tun .

Thanks for your answer,another question,if svc port number is very long,can ferry or kt-connect satisfy it?
image

How long is it? Isn't the maximum only 65535?

How long is it? Isn't the maximum only 65535?

I mean if the number of svc is bigger than 65535, can ferry satisfy it?

Currently, the number of services imported into a cluster is limited by the number of Pod ports, but the export is not. In the future, it may be possible to support a large number of service imports by supporting multiple Pods sharing import ports.

ok,thanks