On (2015-02-16 08:55 +0530), Glen Kent wrote: Hey,
You might want to take a look at: http://www.ietf.org/proceedings/89/slides/slides-89-mpls-9.pdf
Look at the slides 11 onwards.
Doing HMAC calculation for each packet adversely affects the number of concurrent sessions that can be supported.
I don't understand the slidedeck. Lets take slide 13, 'hardware support' for authentication. Why in quotes? What hardware is doing the hashing here? Which hash algo? How many cycles per byte for BFD how many more for BFD with algoX? On x86 CPUs it's anything from 1 to 20 cycles per byte, depending on hash algorithm, but HW implementation would be much more efficient. Of course if HW is done serial to the BFD receive/send, then there is non-zero performance cost regardless of how fast the HW is. Separate parallel HW implementation is probably not practical today, as you'd need to use what ever primitives your NPU has? So practical question would ask, what algo is implementable in Trio/EZchip and how would it impact the cycles per BFD packet? Page 14 appears to be only slide doing HW in auth, but I can't be sure, as first example claims 'auth in soft', second does not. Is there only one example in whole slidedeck with auth in hardware, if so, how come ratio in the first example and last examaple in page 14 is same 1/8th, implying HW brings 0 benefit? -- ++ytti