[c-nsp] full routing table / provider-class chassis

Phil Mayers p.mayers at imperial.ac.uk
Thu Jun 11 15:01:34 EDT 2009 

Kevin Loch wrote:

>>
>> Unfortunately, Cisco's partners are useless.  They propose 6509s without 
>> the DFCs, which we know will fall over.  
> 
> Well that depends...
> 
> The DFC's only do next-hop (tcam) lookups and netflow.  All packets are
> switched on the centralized PFC.  Each line card has two 20Gbit/s

Łukasz has already addressed this; suffice to say he's right, and the 
above is not correct. A TCAM lookup *is* the forwarding operation, and 
the DFC has all information required locally to switch the packet (via 
the fabric) to the output linecard, and does so.

> 
> Netflow is subsampled on this platform.  I have been able to get

I don't know what you mean by "subsampled", but my experience of netflow 
on this platform does not match this description.

Because we are within the netflow TCAM limits, I get 100% accurate 
netflow. There's no sampling in hardware - the hardware is in fact not 
*capable* of such - and we see all packets in our flow table.

> pretty good estimates of traffic flow (checked against SNMP counters)
> but I would not use that for any kind of accounting.  The

Again, this depends on your traffic pattern. We use it for accounting 
and it is essentially totally reliable, given our traffic patterns.

It's popular to bash netflow on the 6500s, but I personally think that's 
unfair. It's very effective for the (large numbers of) sites who are 
within the design limits of the platform. I can understand it's 
frustrating to be outside those limits though.

> SNMP counters are fairly noisy due to the several second update
> intervals.  SNMP counters on vlans are even worse and loop
> over after a few gbit/s even though the coutners themselves
> are 64bit.  You may find using smaller switches (like 3560)
> for most customer ports and using 10Gig uplinks is better
> than using copper ports on the 6500/7600.

I think that would depend on the architecture one was trying to build. 
By terminating the link on a 6748-TX, you get:

  * sensible power redundancy
  * sensible control-plane redundancy
  * better performance / lower contention
  * fewer devices to manage

> 
> I would avoid the sup720, the rsp720 has 2x the ram and more

Obviously it's worth emphasising that the RSP720 is 7600-only, and from 
posts on this list it's still not in general availability I think?

> than 2x the cpu power.  cpu on the sup720 is by far it's biggest
> limitation.

That's certainly true; 600Mhz is pretty derisory these days.

More information about the cisco-nsp mailing list