* Tony Sarendal <[EMAIL PROTECTED]> [2007-10-22 01:19]:
> On 10/21/07, Henning Brauer <[EMAIL PROTECTED]> wrote:
> > well, you can go stateful up to a certain point and handle stuff above
> > stateless (better than dropping), like
> >
> > pass out on X from $foo
> > pass in  on X to $foo
> > pass out on X from $foo keep state(max 10000)
> 
> 
> To design a reliable IP network I would need the devices to be able to
> handle the desired pps rate even when that state limit is exceeded.

so? where is the contradiction here?

> Many routing devices have over the years achieved good performance by
> different flow caching methods, we have over the years also learnt that
> this is a bad thing in uncontrolled environments like the Internet.

no, that is entirely bullshit, sorry.

if flow caching allows your device to work more efficiently in the usual 
case, hey, excellent, you would be dumb to not use it.

this does NOT save you from either leaving enough headroom that you can 
handle the packet rate when exceeding your state limit or at least 
know about and live with the limitation.

> A reliable IP router is wirespeed and stateless. There is no getting
> around that.

oh really.
I say it is bullshit.
there is no single wirespeed in all circumstances router on the market, 
not even for fast ethernet. that is a marketing gag. a 10 MBit/s stream 
of correctly and purposefully crafted packets brings each and every 
router you can buy to its knees. if it works like an OpenBSD machine 
with stateful filters which prefers established states in the overload 
case, it doesn't suffer as badly as the stateless ones.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
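
Added example, not part of the original message: the quoted three-rule sketch written out as a pf.conf fragment. The interface name, the address range and the global limit value are constructed assumptions; the explicit "no state" reflects that pass rules keep state by default since OpenBSD 4.1.

```pf
# Constructed macros (assumptions, not taken from the thread)
ext_if = "em0"
foo    = "192.0.2.0/24"

# Global ceiling on state-table entries. Kept above the per-rule max
# below so that the per-rule limit is the one reached first.
set limit states 50000

# Stateless fallback. "keep state" is implicit on pass rules, so the
# fallback has to ask for stateless handling explicitly.
pass out on $ext_if from $foo no state
pass in  on $ext_if to   $foo no state

# Stateful path, listed last so it wins while it still matches.
# Once this rule holds 10000 states it stops matching packets that
# would create a new state; the last matching rule is then the
# "no state" pass above, and the packet is filtered statelessly
# instead of being dropped. Packets belonging to existing states are
# still matched against the state table before any rule is evaluated.
pass out on $ext_if from $foo keep state (max 10000)

# Checks:
#   pfctl -nf /etc/pf.conf   parse the ruleset without loading it
#   pfctl -si                state table: current entries, inserts, removals
#   pfctl -vsr               per-rule counters, including states held
```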
