[4281] in North American Network Operators' Group


Re: Re[2]: SYN floods (was: does history repeat itself?)

daemon@ATHENA.MIT.EDU (Paul Frommeyer)
Wed Sep 11 01:59:25 1996

To: Alexis Rosen <alexis@panix.com>
Cc: justin@erols.com (Justin W. Newton), chuckie@panix.com, pcalhoun@usr.com,
        nanog@merit.edu, perry@piermont.com
In-Reply-To: Your message of Tue, 10 Sep 1996 22:31:03 -0400.
             <199609110231.WAA05665@panix.com> 
Date: Tue, 10 Sep 1996 22:53:09 -0700
From: "Paul Frommeyer" <corwin@milo.palas.com>

In reply to your message of Tue, 10 Sep 1996 22:31:03 EDT:
| Justin W. Newton writes:
| > I have found that 2500's do not have the processor for even basic filtering
| > when sitting in front of several hundred modems.  

Entirely possible, especially if there is a lot of routing overhead for
those several hundred modems.

| Really? Is there something special about 2500s as compared to AGSes? Alec
| pointed out to me that my numbers were a bit off, but they're not off by
| that much. How much traffic was there on the 2500 that you were trying to
| use for filtering? And how many ports were in use?

There is a big difference, in both hardware architecture and, therefore, how
IOS can exploit it. Even an ancient SCI-4T has more hardware offload
capabilities than the USART in a 2500 series router. Consider that the
SCI can do up to 8 Mbps on a port (tho there's a budget limit a-la CX-FSIP, and
anything over 4.0 Mbps is unsupported), whilst the 2500 cannot go above 4.0 
Mbps on any port (and we do not support that configuration, either) without the 
USART pulling errors.

The trend has been to optimize our hardware and software, whereas early on
we sought to offload as much into hardware as possible to get the performance
gains. So in short, the AGS has more hardware support than a 2500 for moving
packets, which means that the 2500 CPU has to do more work. Now, it's also a
more sophisticated architecture, so it can do the work and do it well, but
there are definitely trade-offs in overhead-vs-packet-switching. Perhaps a
more learned colleague will venture to correct me if I've erred, but
that's the situation as I understand it.

| FWIW, in terms of low-cost solutions, 4000s and 4500s may still be available,
| and I think the 4000 has the same CPU as an AGS (25MHz 68040) though I might
| be misremembering. I'm sure the 4500 is plenty- it's got a 100MHz MIPS chip
| (from IDT, I think).

We do not recommend the 4000 as a solution at this time, as it remains
something of a-- how shall I put this?-- less than desirable processing
platform. If you are going with new equipment, I strongly urge you to
consider 4500-M/4700-M.

Drat. Now I've gone and broken my streak of flippant and sarcastic messages
to the list. ;-)

Cheers,
	Paul

                          Paul "Corwin" Frommeyer
        Work              Internet Engineer, CCIE               Play
 ISP Systems Engineer                                 Network Sorcerer At Large
 Cisco Systems, Inc.                                    Paul's Fone Company
 pfrommey@cisco.com                                       corwin@palas.com
      *** Speaking solely for myself unless otherwise noted ***
