[103346] in North American Network Operators' Group
RE: 10GE router resource
daemon@ATHENA.MIT.EDU (Fred Reimer)
Wed Mar 26 09:43:25 2008
Date: Wed, 26 Mar 2008 09:18:34 -0400
In-Reply-To: <4116134.186351206494157370.JavaMail.root@protozoa>
From: "Fred Reimer" <freimer@ctiusa.com>
To: "Patrick Clochesy" <patrick@chegg.com>,
"Adrian Chadd" <adrian@creative.net.au>
Cc: <nanog@nanog.org>
Errors-To: owner-nanog@merit.edu
This is a multipart message in MIME format.
------=_NextPart_000_0247_01C88F22.5DCFD220
Content-Type: multipart/alternative;
boundary="----=_NextPart_001_0248_01C88F22.5DCFD220"
------=_NextPart_001_0248_01C88F22.5DCFD220
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
To answer your question, the 5580 ASA (PIX is EoS if you didn=E2=80=99t =
know) is capable of 10G =E2=80=9CHTTP=E2=80=9D traffic and 20G =
=E2=80=9Cjumbo frame=E2=80=9D packets. However, 64-byte packet rate is =
=E2=80=9Climited=E2=80=9D to 4,000,000pps. And yes, you will pay for =
that performance. You get a lot more than just a packet filter with the =
ASA though.
=20
Fred Reimer, CISSP, CCNP, CQS-VPN, CQS-ISS
Senior Network Engineer
Coleman Technologies, Inc.
954-298-1697
=20
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of =
Patrick Clochesy
Sent: Tuesday, March 25, 2008 9:16 PM
To: Adrian Chadd
Cc: nanog@nanog.org
Subject: Re: 10GE router resource
=20
Very interesting study I had not seen, and a bummer. That really puts a =
cramp in my advocation of our CARP+pf load balancers/firewalls/gateways. =
Than again, what's a PIX box capable of?
I also had to switch to OpenBSD as there was a fatal crash with the =
bridge device in FreeBSD when used with my paticular OpenVPN/CARP/pf =
combination.
AFAIK pf/forwarding only takes place on one core and wouldn't take =
advantage of the other 3 cores, correct?
-Patrick
----- Original Message -----
From: "Adrian Chadd" <adrian@creative.net.au>
To: "Chris Grundemann" <cgrundemann@gmail.com>
Cc: "William Herrin" <herrin-nanog@dirtside.com>, nanog@nanog.org
Sent: Tuesday, March 25, 2008 6:02:03 PM (GMT-0800) America/Los_Angeles
Subject: Re: 10GE router resource
On Tue, Mar 25, 2008, Chris Grundemann wrote:
> To Ann's question on resources; I have only used Linux routers with 1G
> ports but have surpassed 10G total throughput (up+ down) using various
> dual proc set ups, most often Intel Xeon in Dell servers. A gentlemen
> by the name of Martin Pels wrote a good paper on the subject early
> last year that can be found here:
> http://docs.rodecker.nl/10-GE_Routing_on_Linux.pdf. He hit a wall at
> 700K pps and was using two dual core Intel Xeon 64bit 2.33GHz CPUs and
> 2GB of RAM in a Dell PowerEdge 1950.
Mike Tancsa did some benchmarking in late 2006:
http://www.tancsa.com/blast.html
I think things are slightly faster now but not because of a massive
change in software architecture.
Adrian
------=_NextPart_001_0248_01C88F22.5DCFD220
Content-Type: text/html;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:x=3D"urn:schemas-microsoft-com:office:excel" =
xmlns:p=3D"urn:schemas-microsoft-com:office:powerpoint" =
xmlns:a=3D"urn:schemas-microsoft-com:office:access" =
xmlns:dt=3D"uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" =
xmlns:s=3D"uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" =
xmlns:rs=3D"urn:schemas-microsoft-com:rowset" xmlns:z=3D"#RowsetSchema" =
xmlns:b=3D"urn:schemas-microsoft-com:office:publisher" =
xmlns:ss=3D"urn:schemas-microsoft-com:office:spreadsheet" =
xmlns:c=3D"urn:schemas-microsoft-com:office:component:spreadsheet" =
xmlns:oa=3D"urn:schemas-microsoft-com:office:activation" =
xmlns:html=3D"http://www.w3.org/TR/REC-html40" =
xmlns:q=3D"http://schemas.xmlsoap.org/soap/envelope/" xmlns:D=3D"DAV:" =
xmlns:x2=3D"http://schemas.microsoft.com/office/excel/2003/xml" =
xmlns:ois=3D"http://schemas.microsoft.com/sharepoint/soap/ois/" =
xmlns:dir=3D"http://schemas.microsoft.com/sharepoint/soap/directory/" =
xmlns:ds=3D"http://www.w3.org/2000/09/xmldsig#" =
xmlns:dsp=3D"http://schemas.microsoft.com/sharepoint/dsp" =
xmlns:udc=3D"http://schemas.microsoft.com/data/udc" =
xmlns:xsd=3D"http://www.w3.org/2001/XMLSchema" =
xmlns:sub=3D"http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/"=
xmlns:ec=3D"http://www.w3.org/2001/04/xmlenc#" =
xmlns:sp=3D"http://schemas.microsoft.com/sharepoint/" =
xmlns:sps=3D"http://schemas.microsoft.com/sharepoint/soap/" =
xmlns:xsi=3D"http://www.w3.org/2001/XMLSchema-instance" =
xmlns:udcxf=3D"http://schemas.microsoft.com/data/udc/xmlfile" =
xmlns:wf=3D"http://schemas.microsoft.com/sharepoint/soap/workflow/" =
xmlns:mver=3D"http://schemas.openxmlformats.org/markup-compatibility/2006=
" xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =
xmlns:mrels=3D"http://schemas.openxmlformats.org/package/2006/relationshi=
ps" =
xmlns:ex12t=3D"http://schemas.microsoft.com/exchange/services/2006/types"=
=
xmlns:ex12m=3D"http://schemas.microsoft.com/exchange/services/2006/messag=
es" xmlns=3D"http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3DContent-Type content=3D"text/html; charset=3Dutf-8">
<meta name=3DGenerator content=3D"Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3DEN-US link=3Dblue vlink=3Dpurple>
<div class=3DSection1>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>To answer your question, the 5580 ASA (PIX is EoS if you =
didn=E2=80=99t
know) is capable of 10G =E2=80=9CHTTP=E2=80=9D traffic and 20G =
=E2=80=9Cjumbo frame=E2=80=9D packets.=C2=A0 However,
64-byte packet rate is =E2=80=9Climited=E2=80=9D to 4,000,000pps.=C2=A0 =
And yes, you will pay for
that performance.=C2=A0 You get a lot more than just a packet filter =
with the ASA
though.<o:p></o:p></span></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Fred Reimer, CISSP, CCNP, CQS-VPN, CQS-ISS</span><span
style=3D'color:#1F497D'><o:p></o:p></span></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Senior Network Engineer<o:p></o:p></span></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Coleman Technologies, Inc.<o:p></o:p></span></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>954-298-1697<o:p></o:p></span></p>
</div>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style=3D'border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt =
0in 0in 0in'>
<p class=3DMsoNormal><b><span =
style=3D'font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span>=
</b><span
style=3D'font-size:10.0pt;font-family:"Tahoma","sans-serif"'>
owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] <b>On Behalf Of =
</b>Patrick
Clochesy<br>
<b>Sent:</b> Tuesday, March 25, 2008 9:16 PM<br>
<b>To:</b> Adrian Chadd<br>
<b>Cc:</b> nanog@nanog.org<br>
<b>Subject:</b> Re: 10GE router resource<o:p></o:p></span></p>
</div>
</div>
<p class=3DMsoNormal><o:p> </o:p></p>
<p class=3DMsoNormal style=3D'margin-bottom:12.0pt'><span =
style=3D'color:black'>Very
interesting study I had not seen, and a bummer. That really puts a cramp =
in my
advocation of our CARP+pf load balancers/firewalls/gateways. Than again, =
what's
a PIX box capable of?<br>
<br>
I also had to switch to OpenBSD as there was a fatal crash with the =
bridge
device in FreeBSD when used with my paticular OpenVPN/CARP/pf =
combination.<br>
<br>
AFAIK pf/forwarding only takes place on one core and wouldn't take =
advantage of
the other 3 cores, correct?<br>
<br>
-Patrick<br>
<br>
----- Original Message -----<br>
From: "Adrian Chadd" <adrian@creative.net.au><br>
To: "Chris Grundemann" <cgrundemann@gmail.com><br>
Cc: "William Herrin" <herrin-nanog@dirtside.com>,
nanog@nanog.org<br>
Sent: Tuesday, March 25, 2008 6:02:03 PM (GMT-0800) =
America/Los_Angeles<br>
Subject: Re: 10GE router resource<br>
<br>
<br>
On Tue, Mar 25, 2008, Chris Grundemann wrote:<br>
<br>
> To Ann's question on resources; I have only used Linux routers with =
1G<br>
> ports but have surpassed 10G total throughput (up+ down) using =
various<br>
> dual proc set ups, most often Intel Xeon in Dell servers. A
gentlemen<br>
> by the name of Martin Pels wrote a good paper on the subject =
early<br>
> last year that can be found here:<br>
> http://docs.rodecker.nl/10-GE_Routing_on_Linux.pdf. He hit a =
wall at<br>
> 700K pps and was using two dual core Intel Xeon 64bit 2.33GHz CPUs =
and<br>
> 2GB of RAM in a Dell PowerEdge 1950.<br>
<br>
Mike Tancsa did some benchmarking in late 2006:<br>
<br>
http://www.tancsa.com/blast.html<br>
<br>
I think things are slightly faster now but not because of a massive<br>
change in software architecture.<br>
<br>
<br>
<br>
<br>
Adrian<o:p></o:p></span></p>
</div>
</body>
</html>
------=_NextPart_001_0248_01C88F22.5DCFD220--
------=_NextPart_000_0247_01C88F22.5DCFD220
Content-Type: application/x-pkcs7-signature;
name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="smime.p7s"
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIII0jCCAlow
ggHDoAMCAQICEE/N8u+Cjf1akAnPH3Rf2m8wDQYJKoZIhvcNAQEFBQAwYjELMAkGA1UEBhMCWkEx
JTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQ
ZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA4MDEyMjIxMjcyN1oXDTA5MDEyMTIxMjcy
N1owRDEfMB0GA1UEAxMWVGhhd3RlIEZyZWVtYWlsIE1lbWJlcjEhMB8GCSqGSIb3DQEJARYSZnJl
aW1lckBjdGl1c2EuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFAAtjFvwayIA70SOY
SunlDptyQhb1DviV+LHKOcX5MadLk2NANpODodUvSUb2AgwAqOkCv7cEEMVTAtYaupWbqtyTSTC8
/T8+mmKwBFgci1PmQrkfE30vneHVuylH2n/lKE4vbLXDFKpcIvqSE8SkgAxQFF2+npog2Uxase9t
6QIDAQABoy8wLTAdBgNVHREEFjAUgRJmcmVpbWVyQGN0aXVzYS5jb20wDAYDVR0TAQH/BAIwADAN
BgkqhkiG9w0BAQUFAAOBgQAHcmBSgreS/FopWMmY+jGgR8IMk07AxNIyvszC1+EqT5GN8CB+BOrr
ePcfIajM/1s/jVJhl7GN/wbKx39vcRFLdTMWfYwRWXJfJFk9C7NBp5QmpUaVxi/q0BFTC9l25BnB
13sv24vIsjSCGif979xFZpwEdP+UZ4U9xfqG+Ps32jCCAy0wggKWoAMCAQICAQAwDQYJKoZIhvcN
AQEEBQAwgdExCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNh
cGUgVG93bjEaMBgGA1UEChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRp
b24gU2VydmljZXMgRGl2aXNpb24xJDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBD
QTErMCkGCSqGSIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxAdGhhd3RlLmNvbTAeFw05NjAxMDEw
MDAwMDBaFw0yMDEyMzEyMzU5NTlaMIHRMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBD
YXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xGjAYBgNVBAoTEVRoYXd0ZSBDb25zdWx0aW5nMSgwJgYD
VQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMSQwIgYDVQQDExtUaGF3dGUgUGVy
c29uYWwgRnJlZW1haWwgQ0ExKzApBgkqhkiG9w0BCQEWHHBlcnNvbmFsLWZyZWVtYWlsQHRoYXd0
ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANRp19SwlGRbcelH2AxRtupykbCEXn0t
DY97Et+FJXUodDpCLGMnn5V7S+9+GYcdhuqj3bnOlmQawhRuRKx85o/oTQ9xH0A4pgCjh3j2+ZSG
Xq3qwF5269kUo11uenwMpUtVfwYZKX+emibVars4JAhqmMex2qOYkf152+VaxBy5AgMBAAGjEzAR
MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAx+ySfk749ZalZ2IqpPBNEWDQb41g
WGGsJrtSNVwIzzD7qEqWih9iQiOMFw/0umScF6xHKd+dmF7SbGBxXKKs3Hnj524ARx+1DSjoAp3k
mv0T9KbZfLH43F8jJgmRgHPQFBveQ6mDJfLmnC8Vyv6mq4oHdYsM3VGEa+T40c53ooEwggM/MIIC
qKADAgECAgENMA0GCSqGSIb3DQEBBQUAMIHRMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVy
biBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xGjAYBgNVBAoTEVRoYXd0ZSBDb25zdWx0aW5nMSgw
JgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMSQwIgYDVQQDExtUaGF3dGUg
UGVyc29uYWwgRnJlZW1haWwgQ0ExKzApBgkqhkiG9w0BCQEWHHBlcnNvbmFsLWZyZWVtYWlsQHRo
YXd0ZS5jb20wHhcNMDMwNzE3MDAwMDAwWhcNMTMwNzE2MjM1OTU5WjBiMQswCQYDVQQGEwJaQTEl
MCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBl
cnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMSm
PFVzVftOucqZWh5owHUEcJ3f6f+jHuy9zfVb8hp2vX8MOmHyv1HOAdTlUAow1wJjWiyJFXCO3cnw
K4Vaqj9xVsuvPAsH5/EfkTYkKhPPK9Xzgnc9A74r/rsYPge/QIACZNenprufZdHFKlSFD0gEf6e2
0TxhBEAeZBlyYLf7AgMBAAGjgZQwgZEwEgYDVR0TAQH/BAgwBgEB/wIBADBDBgNVHR8EPDA6MDig
NqA0hjJodHRwOi8vY3JsLnRoYXd0ZS5jb20vVGhhd3RlUGVyc29uYWxGcmVlbWFpbENBLmNybDAL
BgNVHQ8EBAMCAQYwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVByaXZhdGVMYWJlbDItMTM4MA0G
CSqGSIb3DQEBBQUAA4GBAEiM0VCD6gsuzA2jZqxnD3+vrL7CF6FDlpSdf0whuPg2H6otnzYvwPQc
UCCTcDz9reFhYsPZOhl+hLGZGwDFGguCdJ4lUJRix9sncVcljd2pnDmOjCBPZV+V2vf3h9bGCE6u
9uo05RAaWzVNd+NWIXiC3CEZNd4ksdMdRv9dX2VPMYIC+DCCAvQCAQEwdjBiMQswCQYDVQQGEwJa
QTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3Rl
IFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECEE/N8u+Cjf1akAnPH3Rf2m8wCQYFKw4DAhoF
AKCCAdgwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDgwMzI2MTMx
ODM0WjAjBgkqhkiG9w0BCQQxFgQU30aP2s4zMLqlq+g1ZQGobUcy7P4wZwYJKoZIhvcNAQkPMVow
WDAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYI
KoZIhvcNAwICASgwBwYFKw4DAhowCgYIKoZIhvcNAgUwgYUGCSsGAQQBgjcQBDF4MHYwYjELMAkG
A1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMT
I1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBAhBPzfLvgo39WpAJzx90X9pvMIGH
BgsqhkiG9w0BCRACCzF4oHYwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0
aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5n
IENBAhBPzfLvgo39WpAJzx90X9pvMA0GCSqGSIb3DQEBAQUABIGAZNjbsWXqaZ3A4whFX130Ktnj
kDOFrj+g2L51XyEI/TYoTqAOYkfR7tgyvsRemJkaaHTsOs6+nAsbDNeTNnu62SzpeA5tdmvLkt6P
DgAroq3LKqPcocwqk+ysLyZVBiIHxxP5dTt/7SVVURD6jE4dvy0NHxxrWc5I7JfNgVzmMxYAAAAA
AAA=
------=_NextPart_000_0247_01C88F22.5DCFD220--
