On Fri, Apr 20, 2007 at 09:48:44AM +0200, Toni Mueller wrote:
> Hi Claudio,
>
> On Fri, 06.04.2007 at 12:09:38 +0200, Claudio Jeker <[EMAIL PROTECTED]> wrote:
> > Even the most expensive Cisco/Foundry/Extreme switches have not the CPU
> > power to route or filter packets.
>
> how comes they boast running BGP and such stuff? Eg. Cisco 6509 and up,
> or Extreme Black Diamond? This requires real routing capabilities,
> doesn't it?
>

Depends on your definition of routing capabilities. Layer 3 switches
(ab)use the CAM to do route lookups. For example the Cisco 7600 switching
router is able to route/switch at high pps rates under normal (lab)
circumstances but they start to thrash when your network is under a DDoS
attack. This comes from the fact that the CAM table is overflooded and so
many packets are redirected to the CPU for a slow routing lookup.

Most L3 switches have small CAM tables and so only small routing tables
can be handled efficiently on those systems (small as in <20'000 routes
which is nothing compared to the 215'000 BGP prefixes seen on a full
view). Also note that switching routers do lookups in HW so any feature
that is not part of the HW engine needs help from the main CPU. Tunneling,
IPsec, stateful filtering, L2TP, MPLS VPN and so on are either not
available or are done fully in software.

L3 switches can be compared to running a system with 64M RAM and 4GB of
swap. Paging and swapping make the box comparable to one with 4GB of RAM
until your running processes start to use more than the 64M available.

--
:wq Claudio
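
The CAM-versus-CPU behaviour described in the message above can be reproduced with a small capacity model. This is an added example, not part of the original message: the LRU table, the uniform traffic and the two forwarding rates are assumptions made for illustration, while the 20'000 and 215'000 figures are the ones quoted in the message.

```python
import random
from collections import OrderedDict

CAM_ENTRIES = 20_000      # "small as in <20'000 routes" from the message
FULL_VIEW = 215_000       # BGP prefixes in a full view, from the message
HW_PPS, CPU_PPS = 10_000_000, 100_000   # assumed rates, for illustration only


def punt_ratio(distinct_keys, packets=200_000, cam_entries=CAM_ENTRIES, seed=1):
    """Fraction of packets sent to the CPU once the table has warmed up.

    Simplification: the CAM is modelled as an LRU table of lookup keys, and
    traffic picks keys uniformly at random from `distinct_keys` possibilities.
    """
    rng = random.Random(seed)
    cam = OrderedDict()
    punts = counted = 0
    for i in range(packets):
        key = rng.randrange(distinct_keys)
        measuring = i >= packets // 2        # first half only warms the table
        counted += measuring
        if key in cam:
            cam.move_to_end(key)             # hardware hit, refresh LRU position
            continue
        punts += measuring                   # miss: slow lookup on the main CPU
        cam[key] = True
        if len(cam) > cam_entries:
            cam.popitem(last=False)          # evict the least recently used entry
    return punts / counted


def effective_pps(punt, hw_pps=HW_PPS, cpu_pps=CPU_PPS):
    """Average forwarding rate when a fraction `punt` takes the slow path."""
    return 1.0 / ((1.0 - punt) / hw_pps + punt / cpu_pps)


if __name__ == "__main__":
    for label, keys in (("fits in CAM", 15_000), ("full view", FULL_VIEW)):
        p = punt_ratio(keys)
        print(f"{label:12s} keys={keys:7d} punted={p:6.1%} ~{effective_pps(p):,.0f} pps")
```

For capacity planning, the number to compare against the hardware table size is the count of distinct lookup keys the box must hold at once, not the average packet rate.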

