North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: 10GE router resource

  • From: Fred Reimer
  • Date: Wed Mar 26 09:48:33 2008

To answer your question, the 5580 ASA (PIX is EoS if you didnât know) is capable of 10G âHTTPâ traffic and 20G âjumbo frameâ packets. However, 64-byte packet rate is âlimitedâ to 4,000,000pps. And yes, you will pay for that performance. You get a lot more than just a packet filter with the ASA though.

 

Fred Reimer, CISSP, CCNP, CQS-VPN, CQS-ISS

Senior Network Engineer

Coleman Technologies, Inc.

954-298-1697

 

From: [email protected] [mailto:[email protected]] On Behalf Of Patrick Clochesy
Sent: Tuesday, March 25, 2008 9:16 PM
To: Adrian Chadd
Cc: [email protected]
Subject: Re: 10GE router resource

 

Very interesting study I had not seen, and a bummer. That really puts a cramp in my advocation of our CARP+pf load balancers/firewalls/gateways. Than again, what's a PIX box capable of?

I also had to switch to OpenBSD as there was a fatal crash with the bridge device in FreeBSD when used with my paticular OpenVPN/CARP/pf combination.

AFAIK pf/forwarding only takes place on one core and wouldn't take advantage of the other 3 cores, correct?

-Patrick

----- Original Message -----
From: "Adrian Chadd" <[email protected]>
To: "Chris Grundemann" <[email protected]>
Cc: "William Herrin" <[email protected]>, [email protected]
Sent: Tuesday, March 25, 2008 6:02:03 PM (GMT-0800) America/Los_Angeles
Subject: Re: 10GE router resource


On Tue, Mar 25, 2008, Chris Grundemann wrote:

> To Ann's question on resources; I have only used Linux routers with 1G
> ports but have surpassed 10G total throughput (up+ down) using various
> dual proc set ups, most often Intel Xeon in Dell servers.  A gentlemen
> by the name of Martin Pels wrote a good paper on the subject early
> last year that can be found here:
> http://docs.rodecker.nl/10-GE_Routing_on_Linux.pdf.  He hit a wall at
> 700K pps and was using two dual core Intel Xeon 64bit 2.33GHz CPUs and
> 2GB of RAM in a Dell PowerEdge 1950.

Mike Tancsa did some benchmarking in late 2006:

http://www.tancsa.com/blast.html

I think things are slightly faster now but not because of a massive
change in software architecture.




Adrian

Attachment: smime.p7s
Description: S/MIME cryptographic signature