On Fri, Dec 2, 2016 at 11:07 AM, Christopher Morrow <morrowc.lists@gmail.com
wrote:
On Fri, Dec 2, 2016 at 11:02 AM, Simon Lockhart <simon@slimey.org> wrote:
On Fri Dec 02, 2016 at 10:29:56AM -0500, Christopher Morrow wrote:
you'd think standard testing of traffic through the asic path somewhere between 'let's design an asic!' and 'here's your board ms customer!' would have found this sort of thing, no? or does testing only use 1 mac address ever?
Well, it's actually payload, rather than src/dst MAC used for forwarding, so there's quite a few more combinations to look for...
2^(8*9216) is quite a lot of different packets to test through the forwarding path... But, wait, that assumes every bit combination for 9216 byte packets, but the packet might be shorter than that... So multiply that by (9216-64).
but most/all forwarding asics (aside from perhaps extreme's?) only deal with the first N bits in the header (128 or so..) so... not quite as many right?
This sounds related to the well-known (at least 10+ years) issues around guessing the type of IP packet by looking at the first nibble of the encapsulated packet. Take a quick look at RFC 7325, section 2.4.5.1 bullet 6. This is what using the pseudo-wire code-word is meant to protect against. I don't know if that's an option for networks using this. Regards, Alia
Anyone want to work out how many years that'd take to test, even at 100G?
Simon