[c-nsp] Typhoon support on XRe

adamv0025 at netconsultings.com adamv0025 at netconsultings.com
Thu May 4 09:15:09 EDT 2017


> Mikael Abrahamsson [mailto:swmike at swm.pp.se]
> Sent: Thursday, May 04, 2017 1:23 PM
> 
> On Thu, 4 May 2017, adamv0025 at netconsultings.com wrote:
> 
> I have been told this before purchase. "worst case performance with all
> features turned on, is X bytes wirespeed. Less features, higher pps. if you
> want wirespeed, don't use all ports, use 2 ports instead of 4 connected to that
> NPU, then it's wirespeed on those two ports". if this wasn't true, I would get
> upset.
> 
But what if you need to enable a feature that wasn't tested - how much is
that going to take from the overall NPU's Mpps budget, is it still going to
be ok for what you need?
See, this is where I'd like to actually have telemetry I could poll and
monitor, telling me what my current NPU's lookup processing load is. I'd like
to know what the headroom is.
Luckily for us there's the streaming telemetry that will hopefully provide
all these details soon.

> > But does the NPU's architecture allow it to protect your EF traffic
> > even when it's overloaded (under DDoS), I don't know I haven't
> > checked/tested, I know ASR9K LCs would.
> 
> From people who like to look at theoretical edge cases, I've been told the last
> major platform that did this was the CRS-1 with 40G per slot.

Well, any platform that has proper pre-classifier configuration and proper
backpressure design will do.
And there are some platforms on the market that got it right.
If you are running a converged network connected to the Internet (like most of
the folks) it's not a theoretical corner case anymore.

> > For example if it's a network that can't get DDoS traffic in it and
> > you know you're only going to have 60% utilization before upgrade, or
> > all traffic is BE, then sure nothing to worry about.
> 
> I'd also say this isn't just about PPS. It's about other features.
> Designing a network with lots of feature-rich edge/core features means you
> need a platform that supports this. If you keep down the features required,
> you typically have more platforms to choose from.
> 
Or there's the divide and conquer option, which I guess I like the most.
Having a full rack PE capable of 100's of ports sounds like you can scale
the thing forever just by adding more LCs, but then you realize the chassis
is half empty but you can't put any more VRFs and eBGP sessions on it 'cause
the routing engine is crumbling down.
So you can have PEs that can be exposed to DDoS with internet facing
services and customers and PEs that only host site to site L3VPNs.
Then you can have different sets of features enabled on those NPUs.

> But yes, I agree, the type of traffic you're expecting worst-case dictates what
> platforms you can choose and how to use them.
> 
Exactly.

adam

netconsultings.com
::carrier-class solutions for the telecommunications industry::



