tcp hostcache and ip fastforward for review

Haesu haesu at towardex.com
Thu Nov 13 05:51:09 PST 2003


> Everything is not black or white.
> 
> A flow cache can accelerate for example Access Control Lists
> and/or firewalling, since only the first packet needs to be
> verified.

That is true, yeah. But also note that ACLs in a provider environment
are often used during times of diverse DoS attacks, under which flow-based routing
systems can faint easily.. :-(

[ ... snip ... ]
> 
> Cisco's newer stuff does the flow-cache independent of the forwarding, i.e. the
> flow is more of an accounting cache.

Yup, and we use it extensively at the border (Netflow) to do accounting and
traffic statistics as well. But still, Cisco relies on use of CEF to actually
route; I believe Netflow is used for accounting purposes now (although back
in the old days, Netflow used to be the acceleration mechanism, but CEF took
over the routing part..)..... <-- But, I may be wrong here :) Whereas at the
same time, many "layer-3 switch" vendors (the E vendor, the F vendor, tsk
tsk) completely rely on use of flow-based for actual _routing_ of the packet
while marketing their stuff "OMG 16GBPS BACKPLANE". Well, 16Gbps is good and
all during well-behaved traffic, but good luck handling a diverse DoS :(

I've had an E-vendor switch that went haywire during a 56kpps diverse-destination
DDoS a while back..

Regards,
-hc

-- 
Haesu C.
TowardEX Technologies, Inc.
Consulting, colocation, web hosting, network design and implementation
http://www.towardex.com | haesu at towardex.com
Cell: (978)394-2867     | Office: (978)263-3399 Ext. 170
Fax: (978)263-0033      | POC: HAESU-ARIN

> 
> --Anders, not affiliated with Cisco
> 
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
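The thread's point about flow-based forwarding "fainting" under a diverse-destination flood can be made concrete with a small simulation. The following is an added illustration, not code from the list post or from any vendor: it models an LRU flow cache of fixed capacity sitting in front of a longest-prefix-match table (the CEF-style per-packet path) and compares two constructed traffic mixes, a well-behaved one with a few thousand long-lived flows and a flood in which nearly every packet is a new 5-tuple. The FIB prefixes, next-hop names, cache capacity and packet counts are all assumed values chosen for the demonstration; the `flow cache` and `FlowCache` names are hypothetical, not a real router's data structures.

```python
import random
from collections import OrderedDict
from ipaddress import IPv4Address, IPv4Network

# Constructed sample FIB (assumed prefixes and next hops, not from any real router).
FIB = {
    IPv4Network("10.0.0.0/8"): "eth1",
    IPv4Network("10.1.0.0/16"): "eth2",
    IPv4Network("192.0.2.0/24"): "eth3",
    IPv4Network("0.0.0.0/0"): "eth0",
}


def fib_lookup(dst):
    """Longest-prefix match on every packet (the CEF-style path).
    Its cost depends on the table shape, not on how many distinct
    flows the traffic contains."""
    best = None
    for net, nh in FIB.items():
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh)
    return best[1]


class FlowCache:
    """Hypothetical flow-based forwarder: only the first packet of a flow
    takes the slow path (full lookup plus ACL evaluation); later packets
    hit the cache. Eviction is LRU once the cache is full."""

    def __init__(self, capacity):
        self.capacity = capacity
        self.cache = OrderedDict()
        self.hits = 0
        self.slow_path = 0
        self.evictions = 0

    def forward(self, flow):
        if flow in self.cache:
            self.cache.move_to_end(flow)
            self.hits += 1
            return self.cache[flow]
        # Cache miss: this is where the ACL check and full lookup happen.
        self.slow_path += 1
        nh = fib_lookup(flow[1])
        if len(self.cache) >= self.capacity:
            self.cache.popitem(last=False)
            self.evictions += 1
        self.cache[flow] = nh
        return nh


def well_behaved(n_packets, n_flows, rng):
    """Constructed traffic: n_flows long-lived TCP flows, packets spread across them."""
    flows = [
        (IPv4Address(rng.getrandbits(32)), IPv4Address(rng.getrandbits(32)),
         6, rng.randrange(1024, 65535), 80)
        for _ in range(n_flows)
    ]
    for _ in range(n_packets):
        yield rng.choice(flows)


def diverse_flood(n_packets, rng):
    """Constructed traffic: every packet carries a fresh random src/dst/port tuple,
    so each one is a new flow from the cache's point of view."""
    for _ in range(n_packets):
        yield (IPv4Address(rng.getrandbits(32)), IPv4Address(rng.getrandbits(32)),
               17, rng.randrange(1024, 65535), rng.randrange(1, 65535))


def run(traffic, capacity):
    """Forward the packets through the flow cache and report how much work
    landed on the slow path versus the constant per-packet cost of CEF."""
    fc = FlowCache(capacity)
    packets = 0
    for pkt in traffic:
        fc.forward(pkt)
        packets += 1
    return {
        "packets": packets,
        "hit_ratio": fc.hits / packets,
        "slow_path": fc.slow_path,       # flow-cache full lookups + ACL checks
        "evictions": fc.evictions,
        "cef_lookups": packets,          # prefix-based path: one lookup per packet, always
    }


def compare(seed=7, capacity=4096, n_packets=10000, n_flows=1000):
    rng = random.Random(seed)
    normal = run(well_behaved(n_packets, n_flows, rng), capacity)
    flood = run(diverse_flood(n_packets, rng), capacity)
    return normal, flood


if __name__ == "__main__":
    normal, flood = compare()
    print("well-behaved:", normal)
    print("diverse flood:", flood)
```

Under the well-behaved mix the cache does at most one slow-path lookup per flow and the hit ratio settles around 90%, which is the case the "16 Gbps backplane" figure is measured in. Under the flood the hit ratio collapses to zero: every packet takes the slow path, the cache churns through evictions, and the box is doing strictly more work per packet than the prefix-based path it was supposed to beat. That churn, a cache-miss or new-flow counter climbing toward line rate, is also the metric worth graphing on a flow-based platform if you want an early warning that a diverse DoS is underway.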