On Mon, 13 Oct 2003, Andy Walden wrote:
I don't know of anyone else who *routes* ICMP. Yes, ICMP packets destined for the router, but Extreme actually CPU route all ICMP packets passing thru.
I'm not 100% sure what your trying to say above, but all I'm refering to is packets destined towards the device itself.
Which I was not.
Maybe, maybe not. It could be more granular then that, which would allow for addition functionality based on other fields in the IP header. Every
It isn't. The ipfdb is basically a DestIP, port and mac address in its pursest form. This is the default.
Also, the original question was about switching. For layer-2 flows with unique MAC addresses reach the CPU as well? Probably.
It would in basically all switches I know of.
Have you tested this? I'm always interested in different vendor's flow setup rates.
Well, empirical studies say that "clear ipfdb" on a full ipfdb table makes the switch become unresponsive and fully occupied with ipfdb entry creation for something like 10-40 seconds. No, I have not measued it more closely than that.
I'm not sure this would make sense. How would the device know to drop or forward the packet if a flow, even if it is a drop flow, hasn't been created?
Because the ACLs aren't applied to flows but are matched separately before a forwarding decision has been made. Think of it as a PXF grid that does things before the CPU. As far as I know they do this: L3 packet comes in. It's matched for ACL (ACLs are used to QoS stuff as well) matched for policy routing after this, it's checked in the ipfdb and if it's not found then punted to the CPU. If it's an ICMP packet it's always punted to the CPU. So dropping packets is all done in ASIC. -- Mikael Abrahamsson email: swmike@swm.pp.se