On Sun, 12 Oct 2003, Andy Walden wrote:
> Actually, as far as I know, all switches and routers use the CPU to process ICMP. It is a control protocol and the safest option is to ensure the vendor has implemented some sort of CPU rate-limiting so it can't be overwhelmed.
I don't know of anyone else who *routes* ICMP. Yes, ICMP packets destined for the router, but Extreme actually CPU-routes all ICMP packets passing thru.
> This is the kicker and real question: does it require the CPU to forward regular traffic? I believe the answer is yes, the Extreme is a flow-based architecture and the first packet of each unique flow (however it is defined) will need to be processed by the CPU. This is why the problems
Yes, exactly what I'm saying. Flow here is defined as a destination IP number.
> described above occur. The alternative is a packet-based architecture and does not rely on the CPU for forwarding. It doesn't take a lot of packets to overwhelm any CPU.
Quite, 10kpps is enough, if even that.
> > They do everything in hardware when it comes to access lists, QoS etc. Either it does it in ASIC without performance impact or not at all.
> Assuming the CPU doesn't have to process the first packet before it reaches the ACL, QoS policy, etc.
Well, actually I believe ACLs are processed on ingress before being punted to the CPU even though the flow hasn't been set up yet. This is the observation I have seen so far anyway, but I am not 100% sure.

I can understand how a virus like Welchia can affect a flow-based architecture like Extreme's. I was under the impression that CEF-enabled Cisco gear wouldn't have this problem, but Cisco has instructions on their webpage on how to deal with it and cites CPU usage as the reason. With CEF I thought the CPU wasn't involved? CEF is perhaps differently implemented on different platforms?

-- 
Mikael Abrahamsson email: swmike@swm.pp.se
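A toy model of the flow-based forwarding discussed in this thread, added here as an illustration and not taken from the thread or from any vendor's implementation. It keys flows on destination IP as described above; the table size, LRU eviction and all addresses are assumptions constructed for the example.

```python
from collections import OrderedDict
from ipaddress import IPv4Address

class FlowCache:
    """Toy flow table: a flow is a destination IP, as defined in the thread."""
    def __init__(self, capacity):
        self.capacity = capacity           # assumed hardware table size
        self.table = OrderedDict()         # destinations in LRU order
        self.punts = 0                     # packets handed to the CPU

    def forward(self, dst):
        if dst in self.table:              # known flow: forwarded in hardware
            self.table.move_to_end(dst)
            return "hardware"
        self.punts += 1                    # first packet of a flow goes to the CPU
        self.table[dst] = True
        if len(self.table) > self.capacity:
            self.table.popitem(last=False)  # evict the least recently used flow
        return "cpu"

def normal(n, servers):
    """Constructed sample: n packets spread over a few busy destinations."""
    return [servers[i % len(servers)] for i in range(n)]

def sweep(n, base="198.18.0.0"):
    """Constructed sample: one packet per successive address (scan pattern)."""
    start = int(IPv4Address(base))
    return [str(IPv4Address(start + i)) for i in range(n)]

def mixed(n, servers, scan_per_normal=9):
    """Constructed sample: each normal packet is followed by scan packets."""
    scan, out = iter(sweep(n)), []
    for i in range(n):
        out.append(servers[i % len(servers)])
        out.extend(next(scan) for _ in range(scan_per_normal))
        if len(out) >= n:
            return out[:n]
    return out

def punt_ratio(packets, capacity):
    cache = FlowCache(capacity)
    for dst in packets:
        cache.forward(dst)
    return cache.punts / len(packets)

SERVERS = [f"192.0.2.{i}" for i in range(1, 21)]   # constructed destinations
if __name__ == "__main__":
    for name, pkts in [("normal", normal(10000, SERVERS)), ("sweep", sweep(10000)), ("mixed", mixed(10000, SERVERS))]:
        print(f"{name:6s} fraction of packets punted to CPU: {punt_ratio(pkts, 64):.3f}")
```

With the assumed 64-entry table, the mixed run punts every packet, including those to the 20 busy destinations, because scan entries evict them between uses.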