On Wed, Jan 5, 2011 at 11:30 PM, Dobbins, Roland <rdobbins@arbor.net> wrote:
On Jan 6, 2011, at 11:16 AM, Randy Bush wrote:
actually, the formal rpki-based origin-validation stuff is measured to take *less* cpu, a lot less, than ACLs
On the platforms which really matter in terms of rPKI, ACLs are handled in hardware, so this is pretty much a wash.
I think ACLs here means prefix-lists ... or I hope that's what Randy meant? (prefix-lists are still, I believe, handled in the router CPU, and the normal router OS not in hardware)
Concur on all the other points, however.
cool, thanks! -chris
------------------------------------------------------------------------ Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
Most software today is very much like an Egyptian pyramid, with millions of bricks piled on top of each other, with no structural integrity, but just done by brute force and thousands of slaves.
-- Alan Kay