tcp hostcache and ip fastforward for review

Richard A Steenbergen ras at e-gerbil.net
Fri Nov 14 12:28:56 PST 2003


On Thu, Nov 13, 2003 at 08:51:30AM -0500, Haesu wrote:
> 
> Yup, and we use it extensively at the border (Netflow) to do accounting and
> traffic statistics as well. But still, Cisco relies on use of CEF to actually
> route, I believe Netflow is used for accounting purposes now (although back
> in the old days, netflow used to be the acceleration mechanism, but CEF took
> over the routing part..).....<--But, I may be wrong here :) Whereas at the
> same time, many "layer-3 switches" vendors (the E vendor, the F vendor, tsk
> tsk) completely rely on use of flow based for actual _routing_ of the packet
> while marketing their stuff "OMG 16GBPS BACKPLANE". Well, 16Gbps is good and
> all during well behaved traffic, but good luck handling a diverse DoS :( 
> 
> I've had an
> E-vendor switch that went haywire during 56kpps diverse-destination DDoS a while
> back..

Hrm looks like I missed some interesting discussion while not reading this 
list. :)

You're a little off on the implementation of the layer 3 switches. They do
not use "flows" per se, but rather their hardware destination lookups are
not pre-programmed. This means that when you hit a new destination which 
has never been seen before, the software must do a slow lookup to program 
the CAM. This is more like Cisco's fastcache than flowcache, but yes the 
end result is poor (or rather, unpredictable) performance during random 
destination routing (worms anyone).

The correct solution for scale is to pre-populate the forwarding db with
resolutions for every route, every time a routing change is made. In
software this is done with a forwarding-only data structure called a FIB,
usually a multibit trie. Trading off a meg or two of memory for enhanced
and consistent routing performance is certainly acceptable for a router,
but it may not make as much sense for a host.

Also something to note is that once you move to an architecture which is 
assured of having a FIB (for longest prefix match lookups), a patricia 
tree as a RIB becomes one of the worst implementations you can use (for 
only insertions, deletions, and exact matches). If you're making a router, 
this is certainly the way to go, but for a host I suspect you're probably 
going to end up stuck with a toggle switch and a patricia rib for a while 
to come.

-- 
Richard A Steenbergen <ras at e-gerbil.net>       http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
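As an added illustration of the FIB point above (example code, not part of this thread or of FreeBSD): a fixed-stride multibit trie in Python. Every prefix is expanded into the table at insert time, so a lookup costs at most four array indexes whatever the destination, which is the property that keeps forwarding rate flat under diverse-destination traffic instead of falling back to a slow path to program a cache. The route table and addresses are constructed for the example.

```python
import ipaddress
STRIDE = 8          # bits consumed per level; four levels cover an IPv4 address
MASK = (1 << STRIDE) - 1
class Node:
    __slots__ = ("child", "route")
    def __init__(self):
        self.child = [None] * (MASK + 1)   # next-level nodes
        self.route = [None] * (MASK + 1)   # (prefix_len, next_hop) owning each slot

class MultibitFib:
    """Forwarding-only table: prefixes are expanded into every slot they cover
    at insert time, so no lookup ever needs a slow path to fill a cache."""
    def __init__(self):
        self.root = Node()

    def add_route(self, prefix, next_hop):
        net = ipaddress.ip_network(prefix, strict=True)
        addr, plen = int(net.network_address), net.prefixlen
        node, level = self.root, 0
        while plen > (level + 1) * STRIDE:        # levels fully inside the prefix
            idx = (addr >> (32 - (level + 1) * STRIDE)) & MASK
            if node.child[idx] is None:
                node.child[idx] = Node()
            node, level = node.child[idx], level + 1
        shift = 32 - (level + 1) * STRIDE
        base = (addr >> shift) & MASK
        span = 1 << ((level + 1) * STRIDE - plen)  # slots the prefix expands into
        for idx in range(base, base + span):
            cur = node.route[idx]
            if cur is None or cur[0] < plen:         # longer prefix owns the slot
                node.route[idx] = (plen, next_hop)

    def lookup(self, dst):
        # Longest-prefix match: at most 32 // STRIDE array indexes, any destination.
        addr, node, best = int(ipaddress.ip_address(dst)), self.root, None
        for level in range(32 // STRIDE):
            idx = (addr >> (32 - (level + 1) * STRIDE)) & MASK
            if node.route[idx] is not None:        # deeper level == longer prefix
                best = node.route[idx]
            node = node.child[idx]
            if node is None:
                break
        return best[1] if best else None

def build_fib():
    # Constructed sample table (RFC 1918 / RFC 5737 space, made-up next hops).
    fib = MultibitFib()
    for prefix, nh in [("0.0.0.0/0", "upstream"), ("10.0.0.0/8", "core"),
                       ("10.1.0.0/16", "dc1"), ("10.1.200.0/22", "dc1-lab"),
                       ("192.0.2.0/24", "customer-a")]:
        fib.add_route(prefix, nh)
    return fib
```

Note the trade-off the mail describes: the expanded table (a /0 alone fills 256 slots) is the memory spent to make the lookup cost independent of whether a destination has been seen before.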