Date: Mon, 20 Apr 2009 09:29:57 +0200
From: Marko Zec <zec@freebsd.org>
To: Kip Macy <kmacy@freebsd.org>
Cc: svn-src-head@freebsd.org, Robert Watson <rwatson@freebsd.org>, svn-src-all@freebsd.org, src-committers@freebsd.org, Andre Oppermann <andre@freebsd.org>
Subject: Re: svn commit: r191259 - head/sys/netinet
Message-ID: <200904200929.57914.zec@freebsd.org>
In-Reply-To: <3c1674c90904200001s1d03c7d8udcd2dd4cf99984fd@mail.gmail.com>
References: <200904190444.n3J4i5wF098362@svn.freebsd.org> <200904200844.12344.zec@freebsd.org> <3c1674c90904200001s1d03c7d8udcd2dd4cf99984fd@mail.gmail.com>

On Monday 20 April 2009 09:01:25 Kip Macy wrote:
...
> > But it seems to me that CAM lookups are pretty resilient against DoSing
> > by throwing malicious synthetic flows on them, whereas flow caches will
> > melt down easily.
>
> Actually a CAM is a hardware implementation of a hash table. It has
> the same limitations. To claim that routers don't use flow tables
> because they are handled in hardware is a very strange thing to say.

Well, I may be missing something, but TCAMs typically used for routing
lookups are populated by the router's control plane, i.e. routing
protocols, which means that the number of entries in the FIB / TCAM
correlates to the size of the RIB, i.e. it definitely doesn't grow / shrink
dynamically in response to the current flow pattern.

And I may not know how CAMs are implemented internally, but I'm not
aware of any current vendor who would use (T)CAMs indexed by a flow hash
for routing lookups. Wouldn't it be a more common case for a TCAM to
hold a FIB table, sorted in a way which lets more specific prefixes
have precedence? i.e.

FIB             TCAM
10.0.1.0/24 ->  00001010 00000000 00000001 XXXXXXXX -> output port X
10.0.0.0/8  ->  00001010 XXXXXXXX XXXXXXXX XXXXXXXX -> output port Y
0.0.0.0/0   ->  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX -> output port Z

This definitely doesn't change with flow dynamics IMO.

Marko
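
An added illustration of the contrast drawn in this message, not code from the thread or from FreeBSD: a first-match ternary table holding the three FIB routes shown above, next to a hypothetical exact-match flow cache. The names `tcam_lookup`, `flow_lookup` and `simulate`, the 1024-slot cache size and the sample addresses are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* Ternary entry: mask bits that are 0 are the "X" (don't care) positions. */
struct tcam_entry { uint32_t value, mask; char port; };

/* The three routes from the message, most specific prefix first. */
static const struct tcam_entry fib[] = {
    { 0x0A000100u, 0xFFFFFF00u, 'X' },   /* 10.0.1.0/24 */
    { 0x0A000000u, 0xFF000000u, 'Y' },   /* 10.0.0.0/8  */
    { 0x00000000u, 0x00000000u, 'Z' },   /* 0.0.0.0/0   */
};
#define FIB_LEN (sizeof(fib) / sizeof(fib[0]))

/* First match wins, so entry order gives longest-prefix precedence. */
char tcam_lookup(uint32_t dst) {
    for (size_t i = 0; i < FIB_LEN; i++)
        if ((dst & fib[i].mask) == fib[i].value)
            return fib[i].port;
    return '?';
}

/* Hypothetical exact-match flow cache: open addressing, no eviction. */
#define CACHE_SLOTS 1024
struct flow { uint32_t src, dst; uint16_t sport, dport; char port; int used; };
static struct flow cache[CACHE_SLOTS];
static size_t cache_used;

char flow_lookup(uint32_t src, uint32_t dst, uint16_t sp, uint16_t dp) {
    uint32_t h = (src * 2654435761u) ^ (dst * 40503u) ^ (((uint32_t)sp << 16) | dp);
    for (size_t n = 0; n < CACHE_SLOTS; n++) {
        struct flow *f = &cache[(h + n) % CACHE_SLOTS];
        if (!f->used) {                  /* miss: every new flow allocates state */
            *f = (struct flow){ src, dst, sp, dp, tcam_lookup(dst), 1 };
            cache_used++;
        }
        if (f->src == src && f->dst == dst && f->sport == sp && f->dport == dp)
            return f->port;
    }
    return tcam_lookup(dst);             /* cache full: fall back to the FIB */
}

/* Constructed traffic: nflows packets to 10.0.1.5 that differ only in source
 * port. Cache state persists across calls; returns the entries now in use. */
size_t simulate(size_t nflows) {
    for (size_t i = 0; i < nflows; i++)
        flow_lookup(0xC0000201u, 0x0A000105u, (uint16_t)i, 80);
    return cache_used;
}
```

The FIB stays at three entries whatever traffic is offered, while the cache gains one entry per distinct flow until all 1024 slots are taken and later flows fall through to the uncached lookup.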