* Stuart Henderson [EMAIL PROTECTED] [2008-08-01 19:06]:
On 2008-07-28, Joe Greco [EMAIL PROTECTED] wrote:
I have yet to look into *BSD based solutions, but hear very good things
about firewall performance. I don't know about BGP/OSPF/MPLS etc support
on FreeBSD but am going to wager a
On 2008-07-28, Joe Greco [EMAIL PROTECTED] wrote:
I have yet to look into *BSD based solutions, but hear very good things
about firewall performance. I don't know about BGP/OSPF/MPLS etc support
on FreeBSD but am going to wager a guess its on par with Linux if not
better.
The underlying
Aaron Glenn wrote:
On 7/28/08, Seth Mattinen [EMAIL PROTECTED] wrote:
Junpier's J-series is a BSD based platform as far as I understand it.
ImageStream is *much* more affordable for me, but is Linux-based, and I fear
...snip...
AFAIK, none of Juniper's Juniper kit rocks BSD outside of
Andrew D Kirch wrote:
Anyone have experience with RouterOS (http://www.mikrotik.com/)?
Created mostly to run on these guys I think
(http://www.routerboard.com/comparison.html) which generally don't
get above 200k pps on the higher models.. But will RouterOS run on
bigger boxen?
Yes I do, and
This is not exactly true. The modern Linux kernel (2.6) uses some amount
of flow tracking in order to do route caching. You can check this out on
your system by:
ip route show cache
It keeps track of Src/Dst/QoS/Ethernet adapters/etc.. Additionally most
systems have the iptables modules
This is not exactly true. The modern Linux kernel (2.6) uses some amount
of flow tracking in order to do route caching. You can check this out on
your system by:
ip route show cache
Okay...
# ip route show cache
ip: Command not found.
#
So I guess that's all well and good for me.
It
Sargun Dhillon wrote:
This is not exactly true. The modern Linux kernel (2.6) uses some amount
of flow tracking in order to do route caching. You can check this out on
your system by:
ip route show cache
Did you mean route -C ?
I like the idea and price point of the ImageStream products,
but knowing how bad Linux is at being a router and that their
products are Linux-based, I'm afraid to give one a try. J
products are based on a competing non-Linux platform that has
a better reputation for routing.
Enough with the bipartisan politics. There are more choices than
just
[EMAIL PROTECTED] wrote:
but knowing how bad Linux is at being a router and that their
products are Linux-based, I'm afraid to give one a try. J
products are based on a competing non-Linux platform that has
a better reputation for routing.
Enough with the bipartisan politics. There are
[EMAIL PROTECTED] wrote:
but knowing how bad Linux is at being a router and that their
products are Linux-based, I'm afraid to give one a try. J
products are based on a competing non-Linux platform that has
a better reputation for routing.
Enough with the bipartisan politics. There are more
Seth Mattinen wrote:
[EMAIL PROTECTED] wrote:
but knowing how bad Linux is at being a router and that their
products are Linux-based, I'm afraid to give one a try. J products
are based on a competing non-Linux platform that has a better
reputation for routing.
Thanks for being
H. Well then you probably don't want to use Linux/BSD as a router,
as a substantial amount of DIY is required for anything beyond
relatively simple routing. MPLS support (on Linux) for example is in
early phases and requires integrating separate pieces and is best
supported on
Justin Sharp wrote:
[EMAIL PROTECTED] wrote:
but knowing how bad Linux is at being a router and that their
products are Linux-based, I'm afraid to give one a try. J products
are based on a competing non-Linux platform that has a better
reputation for routing.
Enough with the bipartisan
Andrew D Kirch wrote:
Justin Sharp wrote:
[EMAIL PROTECTED] wrote:
Yes I do, and I'm still in therapy. I was pushing 30mbit, and I can't
remember how many PPS through one, and it crashed about once a month
requiring onsite intervention (usually at midnight). This was running
on a
Michael 'Moose' Dinn wrote:
Thanks for being oh-so-helpful with a serious question. Got any useful
answers for me? Give me a vendor that offers your suggestion. I don't have
time for a make-it-myself solution.
What are your requirements?
The problem I'm facing is that if I want
The problem I'm facing is that if I want something from Cisco that can
do at least line-rate T3, I'm looking at least $20k per router. I don't
have a uber-budget, so for me, that's kind of painful when I start to
need more than one plus spare parts. But, I have a high level of
confidence
Another option (if you want a pure Cisco platform) would be to buy a
used Cisco 7500 or 7200 and put a T3 card in there. Those are probably
super cheap through reseller channels. ($20K for a 1+1).
A quick scan of Ebay shows a PA-MC-T3 for $3K, a 7505 +RSP4+PS for $300
and a fast ethernet
Deepak Jain wrote:
The problem I'm facing is that if I want something from Cisco that
can do at least line-rate T3, I'm looking at least $20k per router. I
don't have a uber-budget, so for me, that's kind of painful when I
start to need more than one plus spare parts. But, I have a high
Chris Stebner wrote:
This solution can most be definitely be had for under 5 grand. with the
RSP4+'s (ECC mem) youd be looking at greater than 99.99 percent uptime
if configured with SSO.
But if you end up needing BGP with full routes, throw that out the window. The
RSP16's are expensive
Click for instance http://read.cs.ucla.edu/click/
Thanks for being oh-so-helpful with a serious question. Got
any useful answers for me? Give me a vendor that offers your
suggestion. I don't have time for a make-it-myself solution.
Sorry, but you're in the wrong place. The IP networking
Rubens Kuhl Jr. wrote:
You can use Linux without conntrack. You can either do rmmod
ip_conntrack (unload the module), rm /var/lib/modules/ip_conntrack
(or something like that to erase the file) or use the RAW queue to
forward some packets without connection tracking (-j NOTRACK) and some
others
Jack Bates wrote:
Chris Stebner wrote:
This solution can most be definitely be had for under 5 grand. with
the RSP4+'s (ECC mem) youd be looking at greater than 99.99 percent
uptime if configured with SSO.
But if you end up needing BGP with full routes, throw that out the
window. The
[EMAIL PROTECTED] wrote:
Click for instance http://read.cs.ucla.edu/click/
Thanks for being oh-so-helpful with a serious question. Got
any useful answers for me? Give me a vendor that offers your
suggestion. I don't have time for a make-it-myself solution.
Sorry, but you're in the wrong
On Mon, Jul 28, 2008 at 10:08:32PM +0100, [EMAIL PROTECTED] wrote:
But if you want free suggestions, then you'll have to put up with
half answers, vendor fanboys, and the usual ruckus of NANOG.
As much as I hate to contribute to the problem, I'd like to point out
that the barrage of
On Mon, Jul 28, 2008 at 2:55 PM, Seth Mattinen [EMAIL PROTECTED] wrote:
The problem I'm facing is that if I want something from Cisco that can do at
least line-rate T3, I'm looking at least $20k per router. I don't have a
uber-budget, so for me, that's kind of painful when I start to need more
Andrew D Kirch wrote:
Rev. Jeffrey Paul wrote:
On Mon, Jul 28, 2008 at 10:08:32PM +0100, [EMAIL PROTECTED] wrote:
But if you want free suggestions, then you'll have to put up with
half answers, vendor fanboys, and the usual ruckus of NANOG.
As much as I hate to contribute to the
On Mon, 28 Jul 2008, Rev. Jeffrey Paul wrote:
As much as I hate to contribute to the problem, I'd like to point out
that the barrage of useless, off-topic, empty traffic on this list in
the last week is, in my estimation, quite a bit above the usual ruckus
of NANOG.
While I'm not one to thunk
On Sat, 26 Jul 2008, Dorn Hetzel wrote:
Ok, it's probably a stupid question, but given the relative ease of putting
4gb+ ram on a 64bit platform,
could packet per second performance be improved by brute forcing the route
lookup as an array of 1 byte destination interface indexes for a
* Adrian Chadd:
1 mil pps has been broken that way, but it uses lots of cores to get there.
(8, I think?)
Was this with one packet flow, or with millions of them?
Traditionally, software routing performance on hosts systems has been
optimized for few and rather long flows.
Anyway, with
On Sat, Jul 26, 2008, Florian Weimer wrote:
Was this with one packet flow, or with millions of them?
I believe it was 1 flow. The guy is using an Ixia; I don't know how
he has it configured.
Traditionally, software routing performance on hosts systems has been
optimized for few and rather
Ok, it's probably a stupid question, but given the relative ease of putting
4gb+ ram on a 64bit platform,
could packet per second performance be improved by brute forcing the route
lookup as an array of 1 byte destination interface indexes for a contiguous
swath of /32's from bottom to top?
Route
On Sat, Jul 26, 2008, Florian Weimer wrote:
Was this with one packet flow, or with millions of them?
I believe it was 1 flow. The guy is using an Ixia; I don't know how
he has it configured.
Traditionally, software routing performance on hosts systems has been
optimized for few and
On Sat, Jul 26, 2008 at 1:40 PM, Petri Helenius [EMAIL PROTECTED] wrote:
William Herrin wrote:
But cards like the Intel Pro/1000 have 64k of memory for buffering
packets, both in and out. Few have very much more than 64k. 64k means
32k to tx and 32k to rx. Means you darn well better generate
* Dorn Hetzel:
Ok, it's probably a stupid question, but given the relative ease of
putting 4gb+ ram on a 64bit platform, could packet per second
performance be improved by brute forcing the route lookup as an array
of 1 byte destination interface indexes for a contiguous swath of
/32's from
Zed Usser wrote:
Hi all!
There's been some discussion on the list regarding software routers lately and
this piqued my interest. Does anybody have any recent performance and
capability statistics (eg. forwarding rates with full BGP tables and N ethernet
interfaces) or any pointer to what the
Once upon a time, Andrew D Kirch [EMAIL PROTECTED] said:
I'd like to be wrong, but there's no way that any PC/Commodity routing
system is going to work (in any environment other than Ethernet). For
the small ISP starting out (you know, the ones selling T1's/xDSL), there
are no Channelized
Chris Adams wrote:
Once upon a time, Andrew D Kirch [EMAIL PROTECTED] said:
I'd like to be wrong, but there's no way that any PC/Commodity routing
system is going to work (in any environment other than Ethernet). For
the small ISP starting out (you know, the ones selling T1's/xDSL), there
]
-Original Message-
From: randal k [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 23, 2008 1:46 PM
To: Adrian Chadd
Cc: [EMAIL PROTECTED]
Subject: Re: Software router state of the art
That is a very interesting paper. Seriously, 7mpps with an
off-the-shelf Dell 2950? Even if it were -half
Last thing to say is, I haven't tried upgrading since Vyatta abandoned
the XORP platform and moved to the Quagga platform, but I'm guessing
(based on experience w/ Quagga) that they have a lot fewer of these
quirks that I've described.
Quagga is pretty decent, but it is not uncommon for
Would you rather deploy a $3000 cisco edge box which is a unexpandable,
100 mbit piece of crap, or throw two $2000 Dell boxes and have a 1 GigE
platform?
You don't need two $2000 Dell boxes to get a 1G platform, but this isn't
the list for that. You also don't need a ton of money to do open
To: Adrian Chadd
Cc: [EMAIL PROTECTED]
Subject: Re: Software router state of the art
That is a very interesting paper. Seriously, 7mpps with an
off-the-shelf Dell 2950? Even if it were -half- that throughput, for a
pure ethernet forwarding solution that is incredible. Shoot, buy a
handful of them
Hi all!
There's been some discussion on the list regarding software routers lately and
this piqued my interest. Does anybody have any recent performance and
capability statistics (eg. forwarding rates with full BGP tables and N ethernet
interfaces) or any pointer to what the current state of
On Wed, Jul 23, 2008, Charles Wyble wrote:
This might be of interest:
http://nrg.cs.ucl.ac.uk/mjh/tmp/vrouter-perf.pdf
Various FreeBSD related guys are working on parallelising the forwarding
layer enough to use the multiple tx/rx queues in some chipsets such as the
Intel gig/10ge stuff.
1
On Wed, Jul 23, 2008, Chris Marlatt wrote:
http://unix.derkeiler.com/Mailing-Lists/FreeBSD/net/2008-06/msg00364.html
has all the details. It's rather long thread but 1mpps was achieved on a
single cpu IIRC (the server had multiple cpus but only one being used
for forwarding). Firewall
That is a very interesting paper. Seriously, 7mpps with an
off-the-shelf Dell 2950? Even if it were -half- that throughput, for a
pure ethernet forwarding solution that is incredible. Shoot, buy a
handful of them as hot spares and still save a bundle.
Highly recommended reading, even if (like me)
Adrian Chadd wrote:
On Wed, Jul 23, 2008, Charles Wyble wrote:
Sure its not a CRS-1, but reliably doing a mil pps with a smattering of
low-touch features would be rather useful, no?
(Then, add say, l2tp/ppp into that mix, just as a crazy on-topic example..)
Sounds like a Juniper J-series.
Once upon a time, Adam Armstrong [EMAIL PROTECTED] said:
Sounds like a Juniper J-series. Have a look at the forwarding figures
for the J6350. It does something around 2mpps and it's just an intel CPU
with some PCI/PCI-X interfaces. The device just below it, the J4350 uses
a 2.53Ghz celeron.
On Wed, Jul 23, 2008 at 2:03 PM, Naveen Nathan [EMAIL PROTECTED] wrote:
The Endace DAG cards claim they can move 7 gbps over a PCI-X bus from
the NIC to main DRAM. They claim a full 10gbps on a PCIE bus.
I wonder, has anyone heard of this used for IDS? I've been looking at
building a
On Wed, Jul 23, 2008 at 11:05 AM, Naveen Nathan [EMAIL PROTECTED] wrote:
The Endace DAG cards claim they can move 7 gbps over a PCI-X bus from
the NIC to main DRAM. They claim a full 10gbps on a PCIE bus.
I wonder, has anyone heard of this used for IDS? I've been looking at
building a
We use them here and there (the 1Gig versions). The biggest thing to
think about is the types of rule-sets you'll be using compounded by
the number of flows being created / expired. Once tuned, they work
quite well, but the balance is how fast you can pull/analyze out of
RAM. Compiling the
Date: Wed, 23 Jul 2008 14:17:53 -0400
From: William Herrin [EMAIL PROTECTED]
On Wed, Jul 23, 2008 at 2:03 PM, Naveen Nathan [EMAIL PROTECTED] wrote:
The Endace DAG cards claim they can move 7 gbps over a PCI-X bus from
the NIC to main DRAM. They claim a full 10gbps on a PCIE bus.
I
On Wed, Jul 23, 2008 at 3:59 PM, Kevin Oberman [EMAIL PROTECTED] wrote:
The first bottleneck is the interrupts from the NIC. With a generic
Intel NIC under Linux, you start to lose a non-trivial number of
packets around 700mbps of normal traffic because it can't service
the interrupts quickly
Date: Wed, 23 Jul 2008 16:51:50 -0400
From: William Herrin [EMAIL PROTECTED]
Sender: [EMAIL PROTECTED]
On Wed, Jul 23, 2008 at 3:59 PM, Kevin Oberman [EMAIL PROTECTED] wrote:
The first bottleneck is the interrupts from the NIC. With a generic
Intel NIC under Linux, you start to lose a
On Wed, 23 Jul 2008, Kevin Oberman wrote:
be of any use at all. This would require 3 GB of buffers. This same
problem also make TCP off-load of no use at all.
3 Gigabyte? Why?
The newer 40G platforms on the market seems to have abandonded the 600ms
buffers typical in the 10G space, in
54 matches
Mail list logo
