On Fri, Apr 20, 2007 at 09:48:44AM +0200, Toni Mueller wrote:
quoted text
> Hi Claudio,
> 
> On Fri, 06.04.2007 at 12:09:38 +0200, Claudio Jeker <cjeker@diehard.n-r-g.com> wrote:
> > Even the most expensive Cisco/Foundry/Extreme switches have not the CPU
> > power to route or filter packets.
> 
> how comes they boast running BGP and such stuff? Eg. Cisco 6509 and up,
> or Extreme Black Diamond?  This requires real routing capabilities,
> doesn't it?
> 

Depends on your definition of routing capabilities. Layer 3 switches
(ab)use the CAM to do route lookups. For example the Cisco 7600 switching
router is able to route/switch at high pps rates under normal (lab)
circumstances but they start to trash when your network is under a DDoS
attack. This comes from the fact that the CAM table is overflooded and so
many packets are redirected to the CPU for a slow routing lookup.
Most L3 switches have small CAM tables and so only small routing tables
can be handled efficently on those systems (small as in <20'000 routes
which is nothing compared to the 215'000 bgp prefixes seen on a full
view).
Also note that switching router do lookups in HW so any feature that is
not part of the HW engine needs help from the main CPU. Tunneling, IPsec,
statefull filtering, L2TP, MPLS VPN and so on are either not available or
are done fully in software.

L3 switches can be compared to running a system with 64M Ram and 4GB of
swap. Paging and swapping makes the box comparable to one with 4GB of RAM
until your running processes start to use more than the 64M available.

-- 
:wq Claudio