On Thu, 2 Nov 2000, John Kristoff wrote:
J Bacher wrote:
Some suggestions:
A response I get is that they won't do it because it has a negative performance impact on their routers. They blame the router vendors. Suggestion 5), someone calculate what performance penalty there is for typical router configurations when these filters are applied. Show some performance numbers that make the case for or against filtering.
You'll need to take into account the type of hardware being used, as well as the platform's ability to take 'compiled' filter lists, like what Cisco calls Turbo ACLs. Turbo ACLs require 12.0(1)T and up on the 7200-12000 platforms, and supposedly require the same time to process whether the ACL is 1 line or 100.

Are there any Tier-1 providers who are using hardware less powerful than the 7200 series? Where I'm currently at, we don't use anything less powerful than the 7200VXR series, with the majority of our hardware made up of GSRs, but we're not a Tier-1 provider either. Is there a significant amount of legacy gear deployed out in the Tier-1 networks?

I still think my idea of having the router core logic work in an "I don't advertise network x.x.x.x, so I don't pass traffic from network x.x.x.x" manner is an ideal solution, and should work as fast as route table lookups. So far, no one has presented a case where the opposite behavior is desirable.

--
Joseph W. Shaw
Sr. Network Security Specialist for Big Company not to be named because I don't speak for them here. I have public opinions, and they don't.
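As an added illustration (this is not code from the thread, nor Cisco's or any vendor's implementation), the following Python simulation shows the "I don't advertise network x.x.x.x, so I don't pass traffic from network x.x.x.x" rule described above: the router keeps, per customer-facing interface, the prefixes it advertises on that customer's behalf and drops any packet whose source address is not covered by one of them. That check is one longest-prefix-match lookup per packet, the same operation a forwarding lookup performs, which is the sense in which it costs about as much as a route-table lookup rather than a linear ACL scan. The interface names, prefixes and packets are constructed for the example; the `strict` flag, which relaxes the rule to "advertised on any interface of this router", is an assumption added here to show the asymmetric-routing case (a multihomed customer whose return path differs from its announce path).

```python
"""Simulation of a source-address check driven by advertised prefixes.

Added example for the thread above; not code from the original posts.
"""
import ipaddress
from dataclasses import dataclass

# Constructed: what this router advertises upstream on behalf of each
# customer-facing interface. (Hypothetical interface names and
# documentation-range prefixes.)
ADVERTISED = {
    "Serial0/0": [ipaddress.ip_network("192.0.2.0/24")],
    "Serial0/1": [
        ipaddress.ip_network("198.51.100.0/24"),
        ipaddress.ip_network("203.0.113.0/25"),
    ],
}


@dataclass
class Packet:
    ingress: str  # interface the packet arrived on
    src: str      # source IP address
    dst: str      # destination IP address (unused by the check)


def longest_match(addr, prefixes):
    """Return the most specific prefix covering addr, or None if no prefix does."""
    addr = ipaddress.ip_address(addr)
    best = None
    for p in prefixes:
        if addr in p and (best is None or p.prefixlen > best.prefixlen):
            best = p
    return best


def rpf_verdict(pkt, strict=True):
    """Decide whether to forward pkt based on the advertised-prefix table.

    strict=True  : the source must fall inside a prefix advertised on the
                   ingress interface (the rule proposed in the thread).
    strict=False : the source may fall inside a prefix advertised on any
                   interface of this router; tolerates asymmetric paths for
                   multihomed customers, at the cost of weaker anti-spoofing.
    Returns (action, matched_prefix) where action is "forward" or "drop".
    """
    if strict:
        candidates = ADVERTISED.get(pkt.ingress, [])
    else:
        candidates = [p for plist in ADVERTISED.values() for p in plist]
    match = longest_match(pkt.src, candidates)
    return ("forward", match) if match is not None else ("drop", None)


# Constructed sample traffic: legitimate, RFC 1918 spoof, another customer's
# address arriving on the wrong interface, and an address just outside a /25.
SAMPLE_PACKETS = [
    Packet("Serial0/0", "192.0.2.10", "198.51.100.1"),
    Packet("Serial0/0", "10.0.0.5", "198.51.100.1"),
    Packet("Serial0/0", "198.51.100.7", "192.0.2.1"),
    Packet("Serial0/1", "203.0.113.200", "192.0.2.1"),
    Packet("Serial0/1", "203.0.113.20", "192.0.2.1"),
]


def filter_packets(packets, strict=True):
    """Return [(ingress, src, action), ...] for a list of packets."""
    return [(p.ingress, p.src, rpf_verdict(p, strict)[0]) for p in packets]


if __name__ == "__main__":
    for mode in (True, False):
        print("strict" if mode else "loose")
        for ingress, src, action in filter_packets(SAMPLE_PACKETS, strict=mode):
            print(f"  {ingress:10} {src:16} {action}")
```

In strict mode the third sample packet (a 198.51.100.x source arriving on Serial0/0) is dropped even though this router does advertise 198.51.100.0/24, because it advertises it for a different interface; loose mode forwards it. That single case is where the "always drop what you don't advertise" rule and a multihomed customer's asymmetric return path pull in opposite directions, so the choice between the two modes is the one an operator would have to make per interface.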