From: Richard A Steenbergen
To: Haesu
Cc: freebsd-net@freebsd.org
Date: Fri, 14 Nov 2003 15:28:47 -0500
Subject: Re: tcp hostcache and ip fastforward for review
Message-ID: <20031114202847.GX82121@overlord.e-gerbil.net>
In-Reply-To: <20031113135130.GA22054@scylla.towardex.com>

On Thu, Nov 13, 2003 at 08:51:30AM -0500, Haesu wrote:
>
> Yup, and we use it extensively at the border (Netflow) to do accounting and
> traffic statistics as well.
> But still, Cisco relies on use of CEF to actually
> route, I believe Netflow is used for accounting purposes now (although back
> in the old days, netflow used to be the acceleration mechanism, but CEF took
> over the routing part..).....<--But, I may be wrong here :) Whereas at the
> same time, many "layer-3 switches" vendors (the E vendor, the F vendor, tsk
> tsk) completely rely on use of flow based for actual _routing_ of the packet
> while marketing their stuff "OMG 16GBPS BACKPLANE". Well, 16Gbps is good and
> all during well behaved traffic, but good luck handling a diverse DoS :(
>
> I've had an
> E-vendor switch that went haywire during 56kpps diverse-destination DDoS a while
> back..

Hrm looks like I missed some interesting discussion while not reading this
list. :)

You're a little off on the implementation of the layer 3 switches. They do
not use "flows" per se, but rather their hardware destination lookups are
not pre-programmed. This means that when you hit a new destination which
has never been seen before, the software must do a slow lookup to program
the CAM. This is more like Cisco's fastcache than flowcache, but yes the
end result is poor (or rather, unpredictable) performance during random
destination routing (worms anyone).

The correct solution for scale is to pre-populate the forwarding db with
resolutions for every route, every time a routing change is made. In
software this is done with a forwarding-only data structure called a FIB,
usually a multibit trie. Trading off a meg or two of memory for enhanced
and consistent routing performance is certainly acceptable for a router,
but it may not make as much sense for a host.

Also something to note is that once you move to an architecture which is
assured of having a FIB (for longest prefix match lookups), a patricia
tree as a RIB becomes one of the worst implementations you can use (for
only insertions, deletions, and exact matches).
If you're making a router, this is certainly the way to go, but for a host
I suspect you're probably going to end up stuck with a toggle switch and a
patricia rib for a while to come.

-- 
Richard A Steenbergen http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
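Added example, not part of the original message and not FreeBSD or vendor code: a pre-populated multibit-trie FIB next to a demand-programmed exact-match table, showing why only the latter falls onto the slow path under diverse-destination traffic. The names fib_insert, fib_lookup and slow_path_hits, the 8-8-8-8 stride, the 1024-slot table, and the routes and traffic are all assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* FIB: fixed-stride (8-8-8-8) multibit trie. Next-hop ids are >= 1; 0 = no route. */
static struct node { struct node *child[256]; uint16_t nh[256]; uint8_t plen[256]; } fib_root;

/* Run on every routing change: expand the prefix across its final stride. */
static void fib_insert(uint32_t prefix, int len, uint16_t nh) {
    struct node *n = &fib_root;
    int level = len ? (len - 1) / 8 : 0, bits = len - 8 * level;
    for (int i = 0; i < level; i++) {
        uint8_t b = (uint8_t)(prefix >> (24 - 8 * i));
        if (!n->child[b] && !(n->child[b] = calloc(1, sizeof *n))) abort();
        n = n->child[b];
    }
    unsigned span = 1u << (8 - bits);
    unsigned base = (prefix >> (24 - 8 * level)) & 0xff & ~(span - 1);
    for (unsigned e = base; e < base + span; e++)   /* longer prefixes win */
        if (!n->nh[e] || n->plen[e] <= len) { n->nh[e] = nh; n->plen[e] = (uint8_t)len; }
}

/* Longest-prefix match: at most four table reads for any destination. */
static uint16_t fib_lookup(uint32_t dst) {
    uint16_t best = 0;
    const struct node *n = &fib_root;
    for (int i = 0; i < 4 && n; i++) {
        uint8_t b = (uint8_t)(dst >> (24 - 8 * i));
        if (n->nh[b]) best = n->nh[b];
        n = n->child[b];
    }
    return best;
}

/* Model of a demand-programmed table: counts packets that needed the slow software path. */
static unsigned slow_path_hits(unsigned npkts, int diverse) {
    uint32_t cam[1024] = {0};   /* 0 = empty slot; constructed destinations are never 0 */
    unsigned slow = 0;
    for (unsigned i = 0; i < npkts; i++) {
        /* constructed traffic: a new destination per packet, or 16 repeating hosts */
        uint32_t dst = diverse ? (i + 1) * 2654435761u : 0x0A000000u + i % 16;
        if (cam[dst % 1024] != dst) { cam[dst % 1024] = dst; slow++; }
    }
    return slow;
}

int main(void) {   /* constructed routes: default, 10.0.0.0/8, 10.1.0.0/17 */
    fib_insert(0, 0, 1); fib_insert(0x0A000000u, 8, 2); fib_insert(0x0A010000u, 17, 3);
    printf("10.1.2.3 -> nh %d; slow path: steady %u, diverse %u of 10000\n",
           fib_lookup(0x0A010203u), slow_path_hits(10000, 0), slow_path_hits(10000, 1));
}
```

The FIB's cost is paid at route-change time in fib_insert, so fib_lookup does the same bounded work whatever the destination mix, while the demand-programmed table's slow-path count tracks the number of new destinations.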