On Sun, Jan 25, 2004 at 09:39:05PM +0100, Mikael Abrahamsson wrote:
This is interesting, what problems did you run into?
We have an extensive Extreme networks used both for L2 and L3, and apart from the fact that it always cpu routes ICMP, I see no major flaw in the L3 forwarding function (for access/distribution) for all normal purposes.
ACLs are per-port and known to be buggy when operating on port numbers - in particular UDP ACLs will match arbitrary data when presented with subsequent IP fragments (think NFS...). As pointed out in a similar thread recently, the 'flow-based' (well, destination IP based) ipfdb will crap out on the Extremes under heavy load - e.g. virus'd machines internal to your network doing heavy scanning. Symptom is very poor performance and the 'top' command will show heavy CPU usage as subsequent flows are CPU routed.
My few experiences with the Cisco 3550 as L3 routers have been much worse, even with claimed CEF capability I have seen it melt and die where the equivalent Extreme box didn't experience the same problems (of course there are cases where it's the other way around). Overall I have more confidence in the Extreme access boxes for L3 than Cisco's equivalent, and they definitely kick Cisco's ass when it comes to L2 (MAC address table size and number of VLANs for instance).
The 'recommended max' number of SVIs for the 3550 is something low like 8. There is no limit stated in the datasheet for the 3750 - is anyone running more than 8 SVIs on a 3750? The ACL capability on the 3550 seems a lot more capable but the lack of unicast RPF is irritating. (More irritating, 'ip verify unicast reachable-via...' is accepted but silently does nothing.) I'd be very interested to hear what conditions you've found cause problems for Cat3550s. We're planning to buy quite a few more of this range (probably 3750-24) to reduce L2 size in our network and for CPE-type uses.
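
Added example, not part of the original message and not any vendor's code: a Python sketch of how a UDP port ACL can match arbitrary data on non-initial IP fragments, next to a fragment-aware check. The mechanism shown (reading the port field without checking the fragment offset) is an assumption about how such a bug can arise, and the packets, addresses and function names are constructed for illustration.

```python
import struct

UDP = 17

def ipv4_packet(frag_offset_units, more_fragments, payload):
    """Build a minimal IPv4/UDP-protocol packet (constructed sample, checksum 0)."""
    flags_frag = (0x2000 if more_fragments else 0) | (frag_offset_units & 0x1FFF)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                         flags_frag, 64, UDP, 0,
                         bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return header + payload

def sample_fragments():
    """Two fragments of one constructed 3000-byte datagram to UDP port 2049."""
    udp_header = struct.pack("!HHHH", 1023, 2049, 8 + 3000, 0)
    first = ipv4_packet(0, True, udp_header + b"\x00" * 1472)
    # Payload bytes 2-3 of the second fragment happen to decode as 53.
    second = ipv4_packet(185, False, b"\xaa\xbb\x00\x35" + b"\x00" * 1524)
    return first, second

def naive_udp_dport_match(pkt, port):
    """Treats bytes 2-3 after the IP header as the UDP destination port."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != UDP or len(pkt) < ihl + 4:
        return False
    return struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0] == port

def fragment_aware_udp_dport_match(pkt, port):
    """True/False when a UDP header is present; None for non-initial
    fragments, which carry no ports and need an explicit policy decision."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != UDP:
        return False
    if struct.unpack("!H", pkt[6:8])[0] & 0x1FFF:
        return None
    if len(pkt) < ihl + 8:
        return False
    return struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0] == port

if __name__ == "__main__":
    first, second = sample_fragments()
    for name, pkt in (("first", first), ("second", second)):
        print(name, naive_udp_dport_match(pkt, 53),
              fragment_aware_udp_dport_match(pkt, 53))
```

The naive matcher reports a port 53 hit on the second fragment of an NFS-sized datagram to port 2049, while the fragment-aware one returns None so the rule set can decide explicitly how to treat port-less fragments.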