[f-nsp] static vs dynamic cam mode on MLX/XMR (turning foundry direct routing off)

[Richard A Steenbergen]

On Fri, Jan 04, 2008 at 02:59:17PM +0100, Niels Bakker wrote:
> * gstammw at gmx.net (Gunther Stammwitz) [Fri 04 Jan 2008, 11:52 CET]:
> >I actually wanted to ask if anyone is actually using the DYNAMIC cam 
> >mode (when FDR is turned off) on a peering router with lots of different 
> >destinations and heavy traffic load?
> 
> You basically turn your router into a flow-based one from about a decade 
> ago.  I haven't tested how that works out but I imagine it will not run 
> well at all.

It's not quite that bad. It depends on your configuration, the number of 
cam entries available, and the way they're being installed. I know people 
who are still using classic ironcore boxes with covering routes and 
net/dr-agg today, it's perfectly function (for some definition of 
"functional" associated with ironcore).

If you had a box with say 256k cam entries and you suddenly found yourself 
with a 300k entry routing table, it might not be a bad way to go. You're 
going to age out the old cam entries as it fills up, and realistically not 
even a major core network is going to be talking to all of the routes in 
the table at the same time. This of course assumes that all of the 
behaviors where it installs a cam entry per flow instead of per route have 
been fixed (like for arp entries on directly connected interfaces, etc).

Don't dare try this on a 4k/8k/16k cam entry box though. Even if you have 
limited flows, the day someone fires up a random dest DoS or worm your box 
is going down like a... well actually I think "like a Foundry doing fast 
switching" is the comparison one would normally use for such desperate 
situations. :)

-- 
Richard A Steenbergen <ras at e-gerbil.net>       http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)