Re: running OpenBSD on switch hardware

view
thread

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Pete Vickers

Subject: Re: running OpenBSD on switch hardware

Date: Friday, April 20, 2007 - 3:53 am

Pete Vickers

pete@systemnet.no |  +47 48 17 91 00

Systemnet AS


On 20 Apr 2007, at 10:42 AM, Claudio Jeker wrote:

quoted text> On Fri, Apr 20, 2007 at 09:48:44AM +0200, Toni Mueller wrote:
>> Hi Claudio,
>>
>> On Fri, 06.04.2007 at 12:09:38 +0200, Claudio Jeker  
>> <cjeker@diehard.n-r-g.com> wrote:
>>> Even the most expensive Cisco/Foundry/Extreme switches have not  
>>> the CPU
>>> power to route or filter packets.
>>
>> how comes they boast running BGP and such stuff? Eg. Cisco 6509  
>> and up,
>> or Extreme Black Diamond?  This requires real routing capabilities,
>> doesn't it?
>>
>
> Depends on your definition of routing capabilities. Layer 3 switches
> (ab)use the CAM to do route lookups. For example the Cisco 7600  
> switching
> router is able to route/switch at high pps rates under normal (lab)
> circumstances but they start to trash when your network is under a  
> DDoS
> attack. This comes from the fact that the CAM table is overflooded  
> and so
> many packets are redirected to the CPU for a slow routing lookup.
> Most L3 switches have small CAM tables and so only small routing  
> tables
> can be handled efficently on those systems (small as in <20'000 routes
> which is nothing compared to the 215'000 bgp prefixes seen on a full
> view).
> Also note that switching router do lookups in HW so any feature  
> that is
> not part of the HW engine needs help from the main CPU. Tunneling,  
> IPsec,
> statefull filtering, L2TP, MPLS VPN and so on are either not  
> available or
> are done fully in software.
>
> L3 switches can be compared to running a system with 64M Ram and  
> 4GB of
> swap. Paging and swapping makes the box comparable to one with 4GB  
> of RAM
> until your running processes start to use more than the 64M available.
>
> -- 
> :wq Claudio
>

Hi,

With SUP32/SUP720 and PFC2/3 this is much less a problem, as stated  
below. In fact, you can do a lot of config on the TCAM itself to  
mitigate DDoS associated problems:

http://www.cisco.com/en/US/products/hw/switches/ps708/ 
products_white_paper09186a00800c9470.shtml#wp43045

/Pete

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

running OpenBSD on switch hardware, RedShift, (Thu Apr 5, 8:17 am)

Re: running OpenBSD on switch hardware, Karl Sjödahl - dunceor, (Thu Apr 5, 9:52 am)

Re: running OpenBSD on switch hardware, Siju George, (Thu Apr 5, 5:34 pm)

Re: running OpenBSD on switch hardware, Douglas Allan Tutty, (Thu Apr 5, 5:51 pm)

Re: running OpenBSD on switch hardware, Steve Shockley, (Thu Apr 5, 7:22 pm)

Re: running OpenBSD on switch hardware, Sam Fourman Jr., (Thu Apr 5, 7:32 pm)

Re: running OpenBSD on switch hardware, Diana Eichert, (Thu Apr 5, 8:48 pm)

Re: running OpenBSD on switch hardware, Karl Sjödahl - dunceor, (Thu Apr 5, 11:36 pm)

Re: running OpenBSD on switch hardware, rc, (Fri Apr 6, 12:14 am)

Re: running OpenBSD on switch hardware, RedShift, (Fri Apr 6, 12:25 am)

Re: running OpenBSD on switch hardware, RedShift, (Fri Apr 6, 1:26 am)

Re: running OpenBSD on switch hardware, rc, (Fri Apr 6, 1:54 am)

Re: running OpenBSD on switch hardware, tb@tbits.net, (Fri Apr 6, 1:56 am)

Re: running OpenBSD on switch hardware, Stuart Henderson, (Fri Apr 6, 2:08 am)

Re: running OpenBSD on switch hardware, Claudio Jeker, (Fri Apr 6, 3:09 am)

Re: running OpenBSD on switch hardware, Siju George, (Fri Apr 6, 3:51 am)

Re: running OpenBSD on switch hardware, RedShift, (Fri Apr 6, 4:35 am)

Re: running OpenBSD on switch hardware, Reyk Floeter, (Fri Apr 6, 4:38 am)

Re: running OpenBSD on switch hardware, Toni Mueller, (Fri Apr 20, 12:48 am)

Re: running OpenBSD on switch hardware, Stuart Henderson, (Fri Apr 20, 1:36 am)

Re: running OpenBSD on switch hardware, Claudio Jeker, (Fri Apr 20, 1:42 am)

Re: running OpenBSD on switch hardware, Pete Vickers, (Fri Apr 20, 3:53 am)

Navigation

Popular discussions


linux-kernel:
Greg Kroah-Hartman	[PATCH 041/196] kobject: add kobject_init_and_add function
Lukas Hejtmanek	Re: Another libata error related to OCZ SSD
Greg Kroah-Hartman	[PATCH 023/196] MCP_UCB1200: Convert from class_device to device
Florian Fainelli	Re: System clock runs too fast after 2.6.27 -> 2.6.28.1 upgrade
Christoph Lameter	[patch 1/4] mmu_notifier: Core code
git:
Johannes Schindelin	Re: [PATCH 1/2] Add strbuf_initf()
John Bito	[EGIT] Push to GitHub caused corruption
Jakub Narebski	Re: [PATCH 0/2] gitweb: patch view
Junio C Hamano	Re: [PATCH] When a remote is added but not fetched, tell the user.
Andy Parkins	Re: [RFC] Submodules in GIT
git-commits-head:
Linux Kernel Mailing List	ahci: Workaround HW bug for SB600/700 SATA controller PMP support
Linux Kernel Mailing List	V4L/DVB (11086): au0828: rename macro for currently non-function VBI support
Linux Kernel Mailing List	ceph: client types
Linux Kernel Mailing List	ceph: on-wire types
Linux Kernel Mailing List	crypto: chainiv - Use kcrypto_wq instead of keventd_wq
linux-netdev:
Andrew Morton	Re: [Bugme-new] [Bug 14969] New: b44: WOL does not work in suspended state
Giuseppe CAVALLARO	Re: [PATCH 03/13] stmmac: add the new Header file for stmmac platform data
Taku Izumi	[PATCH 3/3] ixgbe: add registers etc. printout code just before resetting adapters
Eric Dumazet	rps: some comments
Thomas Gleixner	Re: [RFC PATCH 02/12] On Tue, 23 Sep 2008, David Miller wrote:
openbsd-misc:
Stephan Andreas	problems with login after xlock in OpenBSD release 4.7
pmc	Make A Change. Alcoholism and Drug Addiction Treatment
ropers	Re: what exactly is enc0?
Fuad NAHDI	Re: What does your environment look like?
Matthew Szudzik	Typo on OpenBSD 4.4 CD Set

Colocation donated by:

Syndicate