[177565] in North American Network Operators' Group
Re: scaling linux-based router hardware recommendations
daemon@ATHENA.MIT.EDU (Hugo Slabbert)
Tue Jan 27 11:23:01 2015
X-Original-To: nanog@nanog.org
Date: Tue, 27 Jan 2015 08:22:52 -0800
From: Hugo Slabbert <hugo@slabnet.com>
To: Pavel Odintsov <pavel.odintsov@gmail.com>
In-Reply-To: <CALgsdbc_SK-fUrbvGcSfze4QcyAV4ssGL6knmAqfxgt+NNvU-w@mail.gmail.com>
Cc: micah anderson <micah@riseup.net>, "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
--so9zsI5B81VjUb/o
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
There is also some work in progress to improve network performance in the=
=20
Linux kernel:
https://lwn.net/Articles/629155/
Preliminary, but encouraging that work is under way.
--
Hugo
On Tue 2015-Jan-27 11:33:16 +0400, Pavel Odintsov <pavel.odintsov@gmail.com=
> wrote:
>Hello!
>
>Looks like somebody want to build Linux soft router!) Nice idea for
>routing 10-30 GBps. I route about 5+ Gbps in Xeon E5-2620v2 with 4
>10GE cards Intel 82599 and Debian Wheezy 3.2 (but it's really terrible
>kernel, everyone should use modern kernels since 3.16 because "buggy
>linux route cache"). My current processor load on server is about:
>15%, thus I can route about 15 GE on my Linux server.
>
>Surely, you should deploy backup server too if master server fails.
>
>On Tue, Jan 27, 2015 at 1:53 AM, micah anderson <micah@riseup.net> wrote:
>>
>> Hi,
>>
>> I know that specially programmed ASICs on dedicated hardware like Cisco,
>> Juniper, etc. are going to always outperform a general purpose server
>> running gnu/linux, *bsd... but I find the idea of trying to use
>> proprietary, NSA-backdoored devices difficult to accept, especially when
>> I don't have the budget for it.
>>
>> I've noticed that even with a relatively modern system (supermicro with
>> a 4 core 1265LV2 CPU, with a 9MB cache, Intel E1G44HTBLK Server
>> adapters, and 16gig of ram, you still tend to get high percentage of
>> time working on softirqs on all the CPUs when pps reaches somewhere
>> around 60-70k, and the traffic approaching 600-900mbit/sec (during a
>> DDoS, such hardware cannot typically cope).
>>
>> It seems like finding hardware more optimized for very high packet per
>> second counts would be a good thing to do. I just have no idea what is
>> out there that could meet these goals. I'm unsure if faster CPUs, or
>> more CPUs is really the problem, or networking cards, or just plain old
>> fashioned tuning.
>>
>> Any ideas or suggestions would be welcome!
>> micah
>>
>
>
>
>--=20
>Sincerely yours, Pavel Odintsov
--=20
Hugo
--so9zsI5B81VjUb/o
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJUx7tcAAoJEJqxD/2xeDE+mTsP/Rz6Ze5maqtNo6ojsuMMOtLg
Fpa0ms/CVOkkK/5FR6GdXVSWLJ44HAdVBF1YbZX2Xs9lbtY4reDh54O1dgEqthM/
ejZc3s1aiHCYCZLrwSZzQmgdjypGOQeOPFM5ivij5s111adsMCQRO5bbc/7VY12Q
EOVI2t0TihqNS0Oh+0FgvL7bEwqOZL4pGJ+PNXF2a/mH0OCilAF2Cv0kjLu4yaQt
iNve+/wD15i7Q/pIq3HrvWciPukr5mtl+fbemqNwtleKGMG5vVE8eNxVCjQ8gKuT
J+AJir0S9Ahz531K383WVsXTBv62bPuDVHa3Dg3nM37c9wj7lvaWqMzNgn4siV1p
kiaIj+C6iXbsP27Tr86xcHO7KgqU0yGItRy4VYbUzx7WpikqrPbx7bUIqqzz9aQP
9kZ4pmZ9uMdnsKLzV5tGULKRu2CAPsczR+LXKdWXeanZt+J6de3eoymLtATnboeb
RHTzH7W2PMnmMedwNcKYvlsl0AgMBt/P2WVLI4Hj4nRmOfyDyN3fwZOl6xnrzaCQ
ZlZayvUhXVfiM4OCWujSzrWpWHyD1R9LiEHzB8Jdm/YH2tQdVdQPzjRliAqqwdvY
HPEVzMJIW+mrnmxua2hMaVsbHGkQ5uJ5FlVCHsbIc3aXP5N6g3fqv2SVYKBBuqn4
VpDMoy9HVtojCVBvcDvK
=RdlM
-----END PGP SIGNATURE-----
--so9zsI5B81VjUb/o--
