[66989] in North American Network Operators' Group
RE: CIsco 7206VXR w/NPE-G1 Question
daemon@ATHENA.MIT.EDU (sthaug@nethelp.no)
Fri Jan 30 12:31:15 2004
To: alex@pilosoft.com
Cc: nanog@merit.edu
From: sthaug@nethelp.no
In-Reply-To: Your message of "Fri, 30 Jan 2004 11:51:13 -0500 (EST)"
Date: Fri, 30 Jan 2004 18:30:27 +0100
Errors-To: owner-nanog-outgoing@merit.edu
> Keep in mind, 72xx is still flow-based, so you need to count *both* shared
> fabric capacity (aka PCI buses) and capacity of NPE to establish flows
> (aka pps rate).
Why do you say it is flow-based? You *do* use CEF, don't you? In which
case 7200 with NPE-G1 is a prefix-based architecture, with software
forwarding.
> NPE-G1 might probably route 3*GE, without any services and if all 3GE are
> in a single flow, but will melt down at a face of one-packet-per-flow DDoS
> (read: "Nachi" worm) at a far lower rate (I'd be surprised if it sustains
> 200kpps DDoS traffic, which can be as low as 150Mbit bandwidth).
It's the pps that counts, not whether it is one packet per flow or many.
We actually tested NPE-G1 a bit today with small (64 byte) packets, and
we reached considerably higher pps numbers.
Steinar Haug, Nethelp consulting, sthaug@nethelp.no
