[c-nsp] Devil's Advocate - Segment Routing, Why?

Saku Ytti saku at ytti.fi
Fri Jun 19 07:34:47 EDT 2020


On Fri, 19 Jun 2020 at 14:23, Benny Lyne Amorsen via cisco-nsp
<cisco-nsp at puck.nether.net> wrote:

> Per-packet overhead is hefty. Is that a problem today?

For us it is in DDoS scenario, we have customers whose product is to
ingest DDoS and send clean out, so we need to deliver the bad traffic
to them. With large per-packet overhead attacker gets huge leverage,
as they inject pure IP, then we add overhead, and we need that
overhead capacity everywhere to transport it.

I'd say the fundamental metrics are

a) tunnel must be LEM only on a small on-chip database
b) tunnel header must be narrow
c) tunnel header must be transistor cheap to parse (wattage, yield)
d) all traffic in core must be tunneled

-- 
  ++ytti


More information about the cisco-nsp mailing list