Date: Thu, 13 Nov 2003 08:51:30 -0500
From: Haesu <haesu@towardex.com>
To: Anders Lowinger <anders@lowinger.se>, freebsd-net@freebsd.org
Subject: Re: tcp hostcache and ip fastforward for review
Message-ID: <20031113135130.GA22054@scylla.towardex.com>
In-Reply-To: <3FB37F09.4050908@lowinger.se>
References: <20031112024507.89398.qmail@web10007.mail.yahoo.com> <3FB20D2B.73624906@pipeline.ch> <20031112195529.GA48020@scylla.towardex.com> <3FB37F09.4050908@lowinger.se>
> Everything is not black or white.
>
> A flow cache can accelerate for example Access Control Lists
> and/or firewalling, since only the first packet needs to be
> verified.

That is true, yea. But also note that ACLs in provider environment are often
used during times of diverse DoS attacks which flow-based routing systems can
faint easily.. :-(

[ ... snip ... ]

>
> Cisco's newer stuff does the flow-cache independent of the forwarding, i.e. the
> flow is more of an accounting cache.

Yup, and we use it extensively at the border (Netflow) to do accounting and
traffic statistics as well. But still, Cisco relies on use of CEF to actually
route, I believe Netflow is used for accounting purposes now (although back in
the old days, netflow used to be the acceleration mechanism, but CEF took over
the routing part..).....<--But, I may be wrong here :)

Whereas at the same time, many "layer-3 switches" vendors (the E vendor, the F
vendor, tsk tsk) completely rely on use of flow based for actual _routing_ of
the packet while marketing their stuff "OMG 16GBPS BACKPLANE". Well, 16Gbps is
good and all during well behaved traffic, but good luck handling a diverse DoS :(

I've had an E-vendor switch that went haywire during 56kpps diverse-destination
DDoS a while back..

Regards,
-hc

--
Haesu C.
TowardEX Technologies, Inc.
Consulting, colocation, web hosting, network design and implementation
http://www.towardex.com | haesu@towardex.com
Cell: (978)394-2867 | Office: (978)263-3399 Ext. 170
Fax: (978)263-0033 | POC: HAESU-ARIN

>
> --Anders, not affiliated with Cisco
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
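
Added example (not part of the original message, and not FreeBSD or vendor code): a small Python simulation of the behaviour discussed in this message, where a fixed-size flow cache sends only the first packet of each flow down the slow path (route lookup plus ACL check). The cache size, the flow counts, the LRU eviction policy and the 56,000-packet sample (one second at the 56 kpps mentioned in the message) are constructed assumptions.

```python
import random
from collections import OrderedDict

class FlowCache:
    """Fixed-size LRU cache keyed by (src, dst). A miss is a slow-path packet."""
    def __init__(self, capacity):
        self.capacity = capacity          # assumed table size, not a vendor figure
        self.entries = OrderedDict()
        self.hits = 0
        self.misses = 0                   # each miss = full route lookup + ACL check

    def forward(self, flow):
        if flow in self.entries:
            self.entries.move_to_end(flow)    # refresh LRU position
            self.hits += 1
            return True
        self.misses += 1
        self.entries[flow] = True
        if len(self.entries) > self.capacity:
            self.entries.popitem(last=False)  # evict the least recently used flow
        return False

def hit_rate(packets, capacity=4096):
    """Fraction of packets forwarded from the cache (fast path)."""
    cache = FlowCache(capacity)
    for flow in packets:
        cache.forward(flow)
    total = cache.hits + cache.misses
    return cache.hits / total if total else 0.0

def well_behaved(n, rng, flows=500):
    # Constructed sample: many packets spread over a small set of flows.
    pool = [(rng.getrandbits(32), rng.getrandbits(32)) for _ in range(flows)]
    return [rng.choice(pool) for _ in range(n)]

def diverse_destination(n, rng):
    # Constructed sample: every packet carries a fresh (src, dst) pair.
    return [(rng.getrandbits(32), rng.getrandbits(32)) for _ in range(n)]

def compare(n=56000, seed=1):
    rng = random.Random(seed)             # fixed seed keeps the run repeatable
    return hit_rate(well_behaved(n, rng)), hit_rate(diverse_destination(n, rng))

if __name__ == "__main__":
    normal, flood = compare()
    print(f"well-behaved traffic: {normal:.1%} of packets on the fast path")
    print(f"diverse destinations: {flood:.1%} of packets on the fast path")
```

With diverse traffic nearly every packet is a first packet, so the cache adds insert and evict work on top of the full lookup, while a prefix-based forwarding table does the same amount of work per packet for either workload.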