[127783] in North American Network Operators' Group
Re: Vyatta as a BRAS
daemon@ATHENA.MIT.EDU (Dobbins, Roland)
Wed Jul 14 08:40:07 2010
From: "Dobbins, Roland" <rdobbins@arbor.net>
To: NANOG list <nanog@nanog.org>
Date: Wed, 14 Jul 2010 12:39:50 +0000
In-Reply-To: <238090.1279108916@localhost>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Jul 14, 2010, at 7:01 PM, <Valdis.Kletnieks@vt.edu> <Valdis.Kletnieks@vt=
.edu> wrote:
> But as others have stated, the 7206 has at least some hardware accelerati=
on,
Unfortunately, said statements are factually incorrect. 7200s have no hard=
ware acceleration of any type whatsoever.
from <http://www.cisco.com/en/US/prod/collateral/routers/ps341/product_data=
_sheet0900aecd8047177b.html>:
'Processor
1.67-GHz Motorola Freescale 7448 processor'
> so it's *not* a router that uses *only* centralized general-purpose CPUs.
Actually, it is. Same with ISRs.
from <http://www.cisco.com/en/US/prod/collateral/routers/ps10538/qa_c67_553=
891_ps10536_Products_Q_and_A_Item.html>
Note the 'Multicore Processor' line-item - singular.
The SREs for the ISR2s do each contain their own Intel x86 processor - so, =
the ISR2 models which can take SREs are distributed platforms, but aren't h=
ardware-based in the sense that they contain high-performance forwarding ch=
ips. The processors in the SREs are used to run applications on-board the =
router itself - so, they're kind of like special-purpose servers on a card,=
rather than high-performance linecards as one finds in higher-end platform=
s.
> So basically, your definition of "hardware based" router is "one that has=
enough
> FPGAs to not tank under some arbitrary workload". Not very useful,that.
It's extremely useful to differentiate routers which have special-purpose f=
orwarding hardware from those which don't, as the latter crumble quite quic=
kly when packeted. If you don't believe me, run some tests of your own wit=
h purely software-based routers, such as 7200s, and then with a hardware-ba=
sed router such as an ASR1K, ASR9K, GSR, CRS-1, N7K, what-have-you.
I've seen this divergent behavior between software-based and hardware-based=
platforms time and time again in real, live production networks, during re=
al, live attacks. It isn't something which can simply be dismissed by sema=
ntic hairsplitting.
And it's not *my* definition - 'hardware-based' vs. 'software-based' are th=
e terms to describe these two fundamental architectural classes of router *=
within Cisco itself*.
> Let's face it Roland - it's a continuum from hardware to software, and in=
many
> places it's downright murky which it is. Is the CRS-1 hardware or softwar=
e?
Hardware, obviously - it has special-purpose NPUs on the linecards, along w=
ith special-purpose ASICs, and TCAMs. =20
> Lots of custom hardware in there - but lots of processing cores that look=
suspiciously like software engines too.
There's a world of difference in packet-handling mechanisms and sheer perfo=
rmance between a 7200 and a CRS-1, or a GSR, or a CRS-3, or Juniper T-serie=
s - and not just one of 'more, faster processors', but of fundamental archi=
tecture. This is why 'hardware-based' vs. 'software-based' is a useful dis=
tinction; again, note that within Cisco, these are the common terms used to=
describe these general classes of device, with 7200s and ISRs being termed=
'software-based', and the other models mentioned above described as 'hardw=
are-based'.
Anyway, enough on this topic. If folks wish to continue to deploy software=
-based routers at the edges of their networks, then they oughtn't to be sur=
prised or dismayed when said software-based routers fall over under relativ=
ely small amounts of packeting, either deliberate attacks or as the result =
of misconfiguration, et. al. If, on the other hand, they prize availabilit=
y, then investing in hardware-based platforms and then configuring said har=
dware-based routers with the appropriate BCPs greatly reduces the risk of s=
uch an occurrence.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
Injustice is relatively easy to bear; what stings is justice.
-- H.L. Mencken
