North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: 10GE router resource

  • From: Andy Dills
  • Date: Wed Mar 26 00:57:01 2008

On Tue, 25 Mar 2008, Aaron Glenn wrote:

> On Tue, Mar 25, 2008 at 6:15 PM, Patrick Clochesy <[email protected]> wrote:
> > Very interesting study I had not seen, and a bummer. That really puts a
> > cramp in my advocation of our CARP+pf load balancers/firewalls/gateways.
> > Than again, what's a PIX box capable of?
> I'd rather tweak a whitebox than pay through the nose for a PIX.
> > I also had to switch to OpenBSD as there was a fatal crash with the bridge
> > device in FreeBSD when used with my paticular OpenVPN/CARP/pf combination.
> >
> > AFAIK pf/forwarding only takes place on one core and wouldn't take advantage
> > of the other 3 cores, correct?
> Correct. There has been some great speed and efficiency improvements
> in pf and other networking parts of OpenBSD; though from anecdotal
> evidence, 10GbE is not ready for 'primetime' (for certain definitions
> of 'primetime').

Anybody who does any sort of home-brew routing NEEDS to read this post:

Forwarding (routing between multiple interfaces) and filtering
(ipfw) IIRC with quad Intel e1000 NIC:

Dual Intel Xeon 2.8GHz:		240Kpps  12k L1 cache
Single Intel Xeon 2.8GHz:	380Kpps	 12k L1 cache
Core 2 Duo 1.8Ghz:		420kpps	 12k L1 cache
Single Pentium-M 1.8GHz:	550Kpps	 32k L1 cache
Dual AMD opteron 2GHz:		890Kpps	 64k L1 cache
Single AMD opteron 2GHz:	970Kpps	 64k L1 cache

All these hosts had 255 vlan interfaces with about 3000 routes and
about 30000 firewall rules, with a good spread of packets between
the interfaces with polling and fastforwarding.  I struggled to
generate enough packets to load the AMD routers.

Quite interesting data, no? Especially when you can now get 3GHz opterons 
with 128k of L1 cache? 

How sweet is a sub-$1k router that can do multiple gig-e's at 1.5mpps? 
Sounds like a dynamite platform for high-end datacenter CPEs that are soft 
on dynamic routing...and even the open-source dynamic routing is 
reasonably solid these days...


Andy Dills
Xecunet, Inc.