[c-nsp] full routing table / provider-class chassis
Jo Rhett
jrhett at netconsonance.com
Fri Jun 12 15:58:36 EDT 2009
On Jun 12, 2009, at 8:42 AM, Kevin Loch wrote:
>> Łukasz has already addressed this; suffice to say he's right, and
>> the above is not correct. A TCAM lookup *is* the forwarding
>> operation, and the DFC has all information required locally to
>> switch the packet (via the fabric) to the output linecard, and does
>> so.
>
> I shouldn't have said PFC. The fabric is on the supervisor card itself
> not the PFC. What I meant was the packet is always sent to the
> centralized switch fabric on the active supervisor card regardless of
> where the lookups/acl are done.

Just for information, I know very intimately how this stuff works and
don't need you to explain it to me. I haven't objected yet because
others might find this interesting. (and FYI, your last sentence is
wrong too if DFCs exist on each card)

> The important point is that the lookup limitations (mpps) are
> different than the fabric bandwidth limitations (gbps) because of how
> these functions are separated on the cef720/dcef720 platform.
>
> A 6509 should not "fall over without DFC's" unless you are doing more
> than 30mpps. That is 15gbit/s of 64 byte packets or 360gbit/s of
> 1500 byte packets.

Sorry, let me back up and explain again. I've been dealing with Cisco
for 20 years now. And I very well know Cisco's ability to
super-inflate their packet handling ability. And specifically, I have run
6509 systems into the ground with a mere 500mb/sec of traffic.

Their whole MPPS statistics are based on perfect-world scenarios that
don't exist. And honestly, I have on 5 different occasions had the
opportunity to push Cisco to prove those numbers, and they have failed
to do so IN A LAB THEY DESIGNED JUST TO DO SO.

So ... yeah. Don't go believing those statistics.

Now let's talk about reality: 1/10 inbound/outbound ratios, 5% of
received traffic is Internet cruft requiring (wasted) TCAM lookups,
etc and such forth that any provider peering router observes, and
you're down to a much lower ratio. Fail to install DFCs and you'll
find your 6509s falling over with just a few gigabits of traffic.

30mpps versus 48mpps gives an illusion that DFCs only give you another
50%, but that's not reality on the ground. Don't try and persuade me
otherwise, I've seen this repeatedly in real life environments.

Now, let's stop talking about non-DFC cards and start talking about
equipment which can handle uRPF on every port, full Netflow analysis
of up to 8 ports at a time, every port layer 3, every port filtered,
colo facility core/peering.

--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness