I can understand how a virus like Welchia can affect a flow-based architecture like Extreme's. I was under the impression that CEF-enabled Cisco gear wouldn't have this problem, but Cisco has instructions on their webpage on how to deal with it and cites CPU usage as the reason. With CEF I thought the CPU wasn't involved? Is CEF perhaps implemented differently on different platforms?
I think CEF in HW is the key, ASIC-based and not flow-based. I'm not all-knowledgeable on which platforms do this, but the 7500, 12000, 2948G-L3 and 4908 have it.
Whether CEF is ASIC-based or in software is not an issue as such. CEF is _not_ flow routing; CEF tables contain only destinations (not source+destination or port numbers), they contain entire destination prefixes, not single IP addresses, and they are pre-built and maintained from the routing tables rather than added entry-by-entry as traffic arrives.

CPU is still an issue in some cases because when a destination is on an attached network and has no ARP entry, there is no CEF adjacency for it; accordingly, when traffic arrives for that destination it is punted to process level in order to trigger an ARP. Once the ARP succeeds, the adjacency is set up and further packets are routed via CEF (whether hardware or software according to platform). However, if the destination is not adjacent, this does not apply (since the ARP entry for the next-hop router will already be present) and all packets will be CEF-switched. (Enabling CEF is often mentioned in Cisco docs as a workaround for worm traffic problems.)

-- Andrew, Supernews
http://www.supernews.com - individual and corporate NNTP services
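The mechanism Andrew describes can be seen in a small model. The following is an added illustration for this thread, not code from any of the posts or from any Cisco product: a toy router with a pre-built FIB of whole prefixes and an adjacency table fed by ARP. Packets for a directly attached address with no adjacency are punted to process level (which, in the model, runs ARP and installs the adjacency if the host exists); packets for a destination behind a next-hop router use that router's already-present adjacency and are never punted. The topology, addresses, MACs and set of live hosts are constructed sample data, and any ARP throttling a real platform might apply is deliberately not modelled.

```python
"""Toy model of CEF forwarding versus process-level punting.

Added illustration, not code from the original thread or from any Cisco
product.  Models the behaviour described in the post: FIB entries are whole
prefixes pre-built from the routing table; an attached destination with no
ARP entry has no adjacency and is punted to process level so that ARP can
run; a destination behind a next-hop router uses that router's adjacency,
which is already present, so it is CEF-switched every time.  Addresses,
MACs and the live-host list are constructed.  ARP throttling is not modelled.
"""
import ipaddress
import random
from dataclasses import dataclass, field
from typing import Optional

IPv4 = ipaddress.IPv4Address


@dataclass
class FibEntry:
    prefix: ipaddress.IPv4Network
    next_hop: Optional[IPv4]   # None = directly connected network
    interface: str


@dataclass
class Router:
    fib: list
    adjacency: dict = field(default_factory=dict)    # IP -> MAC, populated by ARP
    live_hosts: dict = field(default_factory=dict)   # hosts that would answer ARP (constructed)
    punts: int = 0
    cef_switched: int = 0
    dropped: int = 0

    def lookup(self, dst: IPv4) -> Optional[FibEntry]:
        """Longest-prefix match over the pre-built FIB; no per-flow state is created."""
        best = None
        for e in self.fib:
            if dst in e.prefix and (best is None or e.prefix.prefixlen > best.prefix.prefixlen):
                best = e
        return best

    def forward(self, dst: str) -> str:
        dst = IPv4(dst)
        entry = self.lookup(dst)
        if entry is None:
            self.dropped += 1
            return "drop"
        # Attached network: the adjacency needed is for the destination host itself.
        # Remote network: the adjacency needed is for the next-hop router.
        key = dst if entry.next_hop is None else entry.next_hop
        if key in self.adjacency:
            self.cef_switched += 1
            return "cef"
        # No adjacency: punt to process level, which triggers an ARP request.
        self.punts += 1
        if key in self.live_hosts:
            self.adjacency[key] = self.live_hosts[key]   # ARP succeeded; adjacency installed
        return "punt"


def build_demo_router() -> Router:
    """Constructed topology: one attached /24, everything else via a next-hop router."""
    gw = IPv4("10.1.1.254")
    r = Router(fib=[
        FibEntry(ipaddress.ip_network("10.1.1.0/24"), None, "Eth0"),
        FibEntry(ipaddress.ip_network("192.168.0.0/16"), gw, "Eth0"),
        FibEntry(ipaddress.ip_network("0.0.0.0/0"), gw, "Eth0"),
    ])
    r.live_hosts = {
        gw: "00:00:5e:00:01:fe",
        IPv4("10.1.1.10"): "00:00:5e:00:01:0a",
        IPv4("10.1.1.20"): "00:00:5e:00:01:14",
    }
    r.adjacency[gw] = r.live_hosts[gw]   # next-hop router's ARP entry is already present
    return r


def scan(router: Router, prefix: str, packets: int, seed: int = 1) -> dict:
    """Worm-style scanning: random destinations inside one prefix; returns punt/cef counts."""
    hosts = list(ipaddress.ip_network(prefix).hosts())
    rng = random.Random(seed)
    before = (router.punts, router.cef_switched)
    for _ in range(packets):
        router.forward(str(rng.choice(hosts)))
    return {"punts": router.punts - before[0], "cef": router.cef_switched - before[1]}


if __name__ == "__main__":
    r = build_demo_router()
    print("scan of remote prefix :", scan(r, "192.168.0.0/16", 500))
    print("scan of attached /24  :", scan(r, "10.1.1.0/24", 500))
```

Running it shows the asymmetry in the post: a scan of the remote prefix is CEF-switched entirely, while a scan of the attached /24 punts almost every packet, because most addresses in a scanned subnet have no host behind them and so never get an adjacency. That is the CPU load Cisco's worm advice is talking about even with CEF enabled.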