* David Newman <[EMAIL PROTECTED]> [2007-09-05 17:40]:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> >> Can anyone comment on this? Would it not be better to use something
> >> like a Cisco layer 3 GB switch.
> >
> > sure it is better, assuming you call "I paid $100,000 for a $5 CPU that
> > falls over at 5000pps*" better.
> >
> > *when the packets are just a tiny bit different from what cisco expects
> > and can handle in the fast path, they go to the main cpu, which is
> > incredibly slow on pretty much any cisco you can buy
>
> Here you are referring to slow-path processing for packets with IP
> options set. That's normal with all switches, not just Cisco's.

yep. but basically everybody else has faster host CPUs - so they still
suffer, but they don't go down as badly.

> This also suggests 5000 pps is the expected performance, which is not
> the case. Spending US$100k on a switch from Cisco, Foundry, or Force10
> will get you fast-path processing in the tens of millions of pps or more
> (which AFAIK even the studliest of server hardware doesn't do today) and
> slow-path processing in the 10000s of pps or more.

no, I have fixed networks by removing >$100k cisco gear that was falling
over under way less than 5k pps.

> OTOH I fully agree that lower end boxes (and even some higher ones such
> as older Sup cards on Cat 65xxs) have relatively slow CPUs.

i have yet to see a cisco box where the host CPU is not pathetically
slow.

> The key question is whether you have slow-path traffic to begin with.

your slow-path traffic is a perfect attack vector... and some stuff
goes slow-path that you totally would not expect to.

anyway, this is not a cisco list, so no point in discussing their
design fuckups here.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam