[134437] in North American Network Operators' Group
Re: ARIN and the RPKI (was Re: AltDB?)
daemon@ATHENA.MIT.EDU (Randy Bush)
Thu Jan 6 00:16:29 2011
Date: Thu, 06 Jan 2011 14:15:38 +0900
From: Randy Bush <randy@psg.com>
To: Roland Dobbins <rdobbins@arbor.net>
In-Reply-To: <DBC5E673-FF6B-4C51-A3B0-03F8580BB744@arbor.net>
Cc: NANOG Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
>> actually, the formal rpki-based origin-validation stuff is measured
>> to take *less* cpu, a lot less, than ACLs
> On the platforms which really matter in terms of rPKI, ACLs are
> handled in hardware, so this is pretty much a wash.
really? it was measured on a GSR. full check on a prefix, 10usec.
that's microseconds.
as chris pointed out, though, one pays for having the data in the trie,
i.e. in ram. but not a lot.
randy
