On Mon, 13 Oct 2003, Mikael Abrahamsson wrote:

> On Sun, 12 Oct 2003, Andy Walden wrote:
>
> > Actually, as far as I know, all switches and routers use the CPU to process ICMP. It is a control protocol and the safest option is to ensure the vendor has implemented some sort of CPU rate-limiting so it can't be overwhelmed.
>
> I don't know of anyone else who *routes* ICMP. Yes, ICMP packets destined for the router, but Extreme actually CPU-routes all ICMP packets passing through.

I'm not 100% sure what you're trying to say above, but all I'm referring to is packets destined towards the device itself.
> > This is the kicker and real question: does it require the CPU to forward regular traffic? I believe the answer is yes, the Extreme is a flow-based architecture and the first packet of each unique flow (however it is defined) will need to be processed by the CPU. This is why the problems
>
> Yes, exactly what I'm saying. Flow here is defined as a destination IP number.

Maybe, maybe not. It could be more granular than that, which would allow for additional functionality based on other fields in the IP header. Every additional field it uses to define a flow increases the number of packets that reach the CPU exponentially. Destination could be enough though, with the way some viruses scan address space at a rapid pace, all creating new destination flows. Also, the original question was about switching. Do layer-2 flows with unique MAC addresses reach the CPU as well? Probably.

> > described above occur. The alternative is a packet-based architecture and does not rely on the CPU for forwarding. It doesn't take a lot of packets to overwhelm any CPU.
> Quite, 10kpps is enough, if even that.

Have you tested this? I'm always interested in different vendors' flow setup rates.

> They do everything in hardware when it comes to access lists, QoS etc. Either it does it in ASIC without performance impact or not at all.

Assuming the CPU doesn't have to process the first packet before it reaches the ACL, QoS policy, etc.
> Well, actually I believe ACLs are processed on ingress before being punted to the CPU even though the flow hasn't been set up yet. This is the observation I have seen so far anyway, but I am not 100% sure.

I'm not sure this would make sense. How would the device know to drop or forward the packet if a flow, even if it is a drop flow, hasn't been created?

> I can understand how a virus like Welchia can affect a flow-based architecture like Extreme's. I was under the impression that CEF-enabled Cisco gear wouldn't have this problem, but Cisco has instructions on their webpage on how to deal with it and cites CPU usage as the reason. With CEF I thought the CPU wasn't involved? CEF is perhaps differently implemented on different platforms?
CEF certainly can limit the amount the CPU is used, and DCEF even more. I'm not sure that Extreme has an equivalent feature though.

andy

--
PGP Key Available at http://www.tigerteam.net/andy/pgp
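A toy model of the flow-cache behaviour argued over in this thread, added here as an illustration and not code from either poster or from any vendor: it replays constructed traffic (ordinary client traffic versus a Welchia-style sweep, as described above) through a flow cache keyed on the header fields of your choice, with a per-second punt budget standing in for the CPU rate-limiting mentioned earlier. The 10kpps budget, the flow-key choices, the field names and the sample traffic are all assumptions.

```python
"""Toy model of a flow-based forwarder: the first packet of each new flow is punted to
the CPU to set up the flow, later packets of that flow are switched in hardware."""
from collections import defaultdict

CPU_BUDGET_PPS = 10_000  # assumed punts the CPU can absorb per second (the thread's "10kpps")

def flow_key(pkt, fields):
    """A flow is whatever tuple of header fields the vendor chose (assumed here)."""
    return tuple(pkt[f] for f in fields)

def simulate(packets, fields, budget_pps=CPU_BUDGET_PPS):
    """Replay time-ordered packets through a flow cache fronted by a per-second punt
    rate limiter. Returns (flows_created, punts_dropped, peak_punt_pps).
    budget_pps=None models a box with no CPU rate-limiting at all."""
    cache = set()
    punts_per_sec = defaultdict(int)
    created = dropped = 0
    for pkt in packets:
        key = flow_key(pkt, fields)
        if key in cache:
            continue                       # hardware path, the CPU never sees it
        sec = int(pkt["t"])
        if budget_pps is not None and punts_per_sec[sec] >= budget_pps:
            dropped += 1                   # limiter protects the CPU; this packet is lost
            continue
        punts_per_sec[sec] += 1            # CPU installs the flow
        cache.add(key)
        created += 1
    return created, dropped, max(punts_per_sec.values(), default=0)

def _pkt(t, src, dst, sport, dport=80, proto=6):
    return {"t": t, "src": src, "dst": dst, "sport": sport, "dport": dport, "proto": proto}

def normal_traffic(n=20_000, servers=50):
    """Constructed sample: n packets in one second from many clients to 50 servers."""
    return [_pkt(i / n, f"10.0.{i % 200}.{i % 250}", f"192.0.2.{i % servers}", 1024 + i)
            for i in range(n)]

def scan_traffic(n=20_000):
    """Constructed sample: a Welchia-style sweep, n ICMP echo requests in one second,
    each to a different host, so every packet is a brand-new destination."""
    return [_pkt(i / n, "10.0.0.7", f"10.{(i >> 16) & 255}.{(i >> 8) & 255}.{i & 255}",
                 sport=0, dport=0, proto=1) for i in range(n)]

if __name__ == "__main__":
    for name, pkts in (("normal", normal_traffic()), ("scan", scan_traffic())):
        for fields in (("dst",), ("src", "dst", "proto", "sport", "dport")):
            print(name, fields, simulate(pkts, fields))
```

With a destination-only flow key the normal traffic costs 50 punts, while the sweep creates a new flow per packet and the limiter discards half of it; widening the key to a 5-tuple makes even the normal traffic look like a sweep to the CPU.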