North American Network Operators Group

Re: PBR needing to hit the cpu?

  • From: Richard A Steenbergen
  • Date: Sun Sep 18 03:40:53 2005

On Sat, Sep 17, 2005 at 11:57:47PM -0400, David Hubbard wrote:
> 
> Just curious, do most vendors' hardware need to hit the
> cpu when doing policy-based routing?  I found one of my
> border routers' cpus on the bad end of a DDoS but once
> I turned off a not necessarily required setup to force
> some outbound traffic to take a specific outbound link
> via PBR, the DDoS traffic was no longer an issue.  It was
> only about 200 Mbit so I hadn't expected it to be an issue
> but apparently it was; I was surprised when support told
> me the PBR was making traffic hit the cpu.  

Some do.

Some don't.

That is about the best answer you're going to get unless you can tell us 
what hardware. Obviously policy-based routing uses a different lookup 
mechanism (some user-defined policy) than traditional destination ip 
longest prefix match. A cpu-based router is going to do it in cpu (duh), 
but the lookup process isn't going to be as efficient. A lower end 
hardware based/assisted router or L3 switch may just end up kicking policy 
routed traffic down a slow path, which may or may not be CPU based. Many 
higher end routers are perfectly capable of doing policy routing at the 
same level of performance as regular IP routing. Most vendors make a 
product that fits into each category.

-- 
Richard A Steenbergen <[email protected]>       http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)