[f-nsp] NetIron MLX Experience..
Gerald Krause
gk at ax.tc
Thu Aug 10 04:21:58 EDT 2006
On Thursday 10 August 2006 01:20, Richard A Steenbergen wrote:
> On Wed, Aug 09, 2006 at 12:23:55PM +0200, Gunther Stammwitz wrote:
> > > Foundry does NOT store the full routing table in the FIB; it
> > > only stores
> > > the most specific. The way I understand it (as explained to me by a
> > > foundry SE) is that any changes to the RIB get populated to the FIB
> > > only if a more specific route is found.
> >
> > Correct, this is what net-aggregate does and why one can still run the
> > old ironcore-based bigirons/netirons with full routes these days.
>
> Sort of, but I wouldn't call net-agg a FIB really. Net-aggregate is a CAM
> aggregation tool which lets you install fewer routes into the CAM if you
> have a default route. The difference between net-agg and dr-agg is that
> dr-agg aggregates you down to a single 0.0.0.0/0 CAM entry and only
> installs entries for routes which don't point to wherever your default is
> going, while net-agg installs the default as 4096 /12s (so you have some
> vague hope of load balancing properly if you have multi-path defaults). Of
> course this DEPENDS on a default route to work, so you wouldn't want to
> run these in a default free core obviously. The next kick in the teeth for
> cam exhaustion used to be how they handled local arp based routes. If you
> have ip address 1.2.3.1/16 nailed up to an interface, and a worm came
> through and scanned every IP on that /16, your box would try to burn 64k
> cam entries. :)
>
> Original Ironcore boxes only had capacity for 8k, 16k or 32k cam entries
> depending on model, so you really needed aggregation like this to handle
> random destination or "internet core" traffic. The modern boxes have more
> than enough tcam to handle full routes of course.
And how does the MLX/XMR series handle packets that have *no* valid L3
destination without a default route - can the box do this in HW? Will this
still eat lots of CAM in a (d)DOS?
- --
Gerald