From owner-freebsd-net Wed Jul 4 7: 4:11 2001 Delivered-To: freebsd-net@freebsd.org Received: from whizzo.transsys.com (whizzo.TransSys.COM [144.202.42.10]) by hub.freebsd.org (Postfix) with ESMTP id 74D6D37B409; Wed, 4 Jul 2001 07:04:08 -0700 (PDT) (envelope-from louie@whizzo.transsys.com) Received: from whizzo.transsys.com (#6@localhost.transsys.com [127.0.0.1]) by whizzo.transsys.com (8.11.3/8.11.3) with ESMTP id f64E44331564; Wed, 4 Jul 2001 10:04:04 -0400 (EDT) (envelope-from louie@whizzo.transsys.com) Message-Id: <200107041404.f64E44331564@whizzo.transsys.com> X-Mailer: exmh version 2.3.1 01/18/2001 with nmh-1.0.4 To: Wes Peters Cc: Bakul Shah , Ruslan Ermilov , Deepak Jain , net@FreeBSD.ORG X-Image-URL: http://www.transsys.com/louie/images/louie-mail.jpg From: "Louis A. Mamakos" Subject: Re: fastforwarding? References: <200107021954.PAA25927@goliath.cnchost.com> <3B41EB64.3B753DDE@softweyr.com> In-reply-to: Your message of "Tue, 03 Jul 2001 09:57:24 MDT." <3B41EB64.3B753DDE@softweyr.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Wed, 04 Jul 2001 10:04:04 -0400 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > > Even if it takes 0 ns to do a route lookup, a stock freebsd > > system can't do more than 20K ~ 100K pkts/second due to many > > bottlenecks. In a hardware accelrated router one can easily > > do 10M route lookups *without* using an expensive & power > > hungry fancy CAM. But they may be worth it if you want to > > route 1M+ pkts/second *and* you want to do packet matching. > > Such as a routing switch would do. Plus you have the added advantage that > the route caches scale well to multiple indepdendant "smart" interfaces, > which is not likely to be added to a generic FreeBSD system. Except there > are all these PCI based smart network cards popping up on the market these > days, and it would be possible to scale the fastforwarding code directly > onto the network cards... But beware of what happens when you get cache misses. Perhaps this isn't an issue for 90% of users, but in a router with the entire Internet routing table of 100K+ routes, along with frequent churn, this is very serious. To describe a real example: 4 or 5 years ago, we used Cisco 7000 series routers with a SSE (Silicon Switch Engine) forwarding accelerator. This was essentially a cache-based strategy, where the forwarding tables were computed elsewhere on the main CPU running the routing protocols, and then pushed into the SSE. The problem is that with a router in the default-free part of the Internet, with 100K+ routes, that the routes ARE ALWAYS CHANGING. There is constant churn, and if you don't have sophisticated partial cache invalidatation strategies, you end up tossing the contents of the fowarding cache every few seconds due to the background churn. The cost of a cache miss is high, and this can become high enough to starve the main cpu running the routing protocols until routing adjacencies begin to fail, further introducing more instability into the routing system and driving the system over the cliff into collapse. I've seen this happen, and it's great fun to observe if it's not your network that it's happening to. Most router benchmarks and testing processes these days test forwarding capacity in the face of routing table churn, which is closer to the real-world experience. Personally, I don't buy forwarding cache-based routers because this is a sign that the underlying infrastucture isn't fast enough and you're banking on the cache hit rate being high enough to save your ass. Of course, there are wonderful DoS attacks against cache-based routers which are simply sending a bunch of packets at high rates each to a different address, forcing a cache miss on every packet. Seen that one too. louie To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message