Hello! You could try to build simple router with DPDK yourself. It's very straightforward and have good examples for simple routing.
I have done some tests with PF_RING ZC (it's very similar technology to DPDK without specialization on building of network devices) while test my DDoS monitoring solution and it work perfectly. I can achieve 8 million of packets per second (10GE with 120byte packets) on very slow Intel Xeon E5 2420. You could look at this tests from PF_RING developers: http://www.ntop.org/pf_ring/pf_ring-dna-rfc-2544-benchmark/ But building router on top of PF_RING or DPDK is very challenging task because everyone want very different things (BGP, OSPF, RIP... etc.). On Tue, Jan 27, 2015 at 1:54 PM, Paul S. <[email protected]> wrote: > Anyone aware of any dpdk enabled solutions in the software routing space > that doesn't cost an arm and a leg? > > vMX certainly does. > > > On 1/27/2015 午後 04:33, Pavel Odintsov wrote: >> >> Hello! >> >> Looks like somebody want to build Linux soft router!) Nice idea for >> routing 10-30 GBps. I route about 5+ Gbps in Xeon E5-2620v2 with 4 >> 10GE cards Intel 82599 and Debian Wheezy 3.2 (but it's really terrible >> kernel, everyone should use modern kernels since 3.16 because "buggy >> linux route cache"). My current processor load on server is about: >> 15%, thus I can route about 15 GE on my Linux server. >> >> Surely, you should deploy backup server too if master server fails. >> >> On Tue, Jan 27, 2015 at 1:53 AM, micah anderson <[email protected]> wrote: >>> >>> Hi, >>> >>> I know that specially programmed ASICs on dedicated hardware like Cisco, >>> Juniper, etc. are going to always outperform a general purpose server >>> running gnu/linux, *bsd... but I find the idea of trying to use >>> proprietary, NSA-backdoored devices difficult to accept, especially when >>> I don't have the budget for it. >>> >>> I've noticed that even with a relatively modern system (supermicro with >>> a 4 core 1265LV2 CPU, with a 9MB cache, Intel E1G44HTBLK Server >>> adapters, and 16gig of ram, you still tend to get high percentage of >>> time working on softirqs on all the CPUs when pps reaches somewhere >>> around 60-70k, and the traffic approaching 600-900mbit/sec (during a >>> DDoS, such hardware cannot typically cope). >>> >>> It seems like finding hardware more optimized for very high packet per >>> second counts would be a good thing to do. I just have no idea what is >>> out there that could meet these goals. I'm unsure if faster CPUs, or >>> more CPUs is really the problem, or networking cards, or just plain old >>> fashioned tuning. >>> >>> Any ideas or suggestions would be welcome! >>> micah >>> >> >> > -- Sincerely yours, Pavel Odintsov
