[c-nsp] network rebuild questions

[Lincoln Dale]

On 01/11/2009, at 5:20 AM, Bill Desjardins wrote:
> well, sup1 6500's doing everything all in one have been rock solid the
> last 5+yrs now and are still pushing ~460k PPS in+out at this very
> moment without a hiccup and doing everything I want them too. its 99%
> voip traffic as well with very happy customers. I dont see the point
> that all of sudden I am going to be in despair and grief with modestly
> better hardware and a much improved network architecture. IMHO.

bear in mind that a Sup1 is only ever doing "flow switching" aka MLS  
(multi layer switching), which is akin to 1st packet in a flow goes to  
software, software sets up a hardware shortcut entry in the MLS cache  
then subsequent packets in that flow are forwarded in hardware.

that works relatively well provided:
  a. the flow setup rate does not exceed the capabilities of software
  b. the # of concurrent flows does not exhaust the size of the flow  
table

while often that will be the case under normal conditions, if your  
traffic is growing at any significant rate per month/quarter/year or  
if you are exposed to a DoS attack or rogue application, you may well  
find that Sup1 does not work so well any more and would likely result  
in network outage(s) and/or broken SLAs on that VoIP traffic.
if you have means of protecting against those things, all well and  
good.  but note that subsequent Supervisors on C6K augment the MLS  
switching path with CEF/FIB in hardware, i.e. no "per flow state"  
forwarding but instead setup the entire forwarding table in hardware -  
so as to avoid those issues.


cheers,

lincoln.