Extreme BlackDiamond

Andrew - Supernews andrew at supernews.net
Mon Oct 13 11:27:22 UTC 2003


 >>> I can understand how a virus like Welchia can affect a flow-based
 >>> architecture like Extreme's. I was under the impression that CEF
 >>> enabled Cisco gear wouldn't have this problem, but Cisco has
 >>> instructions on their webpage on how to deal with it and cites CPU
 >>> usage as the reason. With CEF I thought the CPU wasn't involved?
 >>> CEF is perhaps differently implemented on different platforms?
 >> 
 >> I think CEF in HW is the key, ASIC based and not Flow based.  I'm
 >> not all-knowledgeable on which platforms do this, but the 7500,
 >> 12000, 2948G-L3, 4908 have it.

Whether CEF is ASIC-based or in software is not an issue as such.

CEF is _not_ flow routing; CEF tables contain only destinations (not
source+destination or port numbers), they contain entire destination
prefixes not single IP addresses, they are pre-built and maintained
from the routing tables rather than added entry-by-entry as traffic
arrives.

CPU is still an issue in some cases because when a destination is on
an attached network and has no ARP entry, there is no CEF adjacency
for it; accordingly, when traffic arrives for that destination it is
punted to process level in order to trigger an ARP. Once the ARP
succeeds the adjacency is set up and further packets are routed via
CEF (whether hardware or software according to platform). However, if
the destination is not adjacent, this does not apply (since the ARP
entry for the next-hop router will already be present) and all packets
will be CEF-switched.

(Enabling CEF is often mentioned in Cisco docs as a workaround for
worm traffic problems.)

-- 
Andrew, Supernews
http://www.supernews.com - individual and corporate NNTP services
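
The following is an added example, not part of the original message and not vendor code: a toy Python model of the punt behaviour described above, counting process-level punts when one source sweeps a remote prefix and an attached prefix. The addresses, the class names, the ten live hosts and the absence of any punt rate limiting are assumptions of the model.

```python
import ipaddress

class FlowRouter:
    """Flow-based model: the first packet of each new (src, dst) flow goes to the CPU."""
    def __init__(self):
        self.cache, self.punts = set(), 0

    def forward(self, src, dst):
        if (src, dst) not in self.cache:
            self.punts += 1
            self.cache.add((src, dst))

class CefRouter:
    """CEF model: prefix table is pre-built; only attached hosts without ARP are punted."""
    def __init__(self, attached, live_hosts):
        self.attached = ipaddress.ip_network(attached)
        self.live = set(live_hosts)        # hosts that would answer ARP (constructed)
        self.adjacency, self.punts = set(), 0

    def forward(self, src, dst):
        if dst not in self.attached:
            return                         # next-hop router's ARP entry already present
        if dst in self.adjacency:
            return                         # adjacency exists: CEF-switched
        self.punts += 1                    # punted to process level to trigger ARP
        if dst in self.live:
            self.adjacency.add(dst)        # ARP succeeded, adjacency installed

def sweep(router, src, prefix):
    """Send one packet to every host address in prefix; return punts caused."""
    before = router.punts
    for dst in ipaddress.ip_network(prefix).hosts():
        router.forward(src, dst)
    return router.punts - before

def simulate():
    src = ipaddress.ip_address("198.51.100.7")   # constructed scanning source
    live = {ipaddress.ip_address(f"10.1.0.{i}") for i in range(1, 11)}
    flow, cef = FlowRouter(), CefRouter("10.1.0.0/24", live)
    return {
        "flow_remote": sweep(flow, src, "192.0.2.0/24"),
        "cef_remote": sweep(cef, src, "192.0.2.0/24"),
        "cef_attached_pass1": sweep(cef, src, "10.1.0.0/24"),
        "cef_attached_pass2": sweep(cef, src, "10.1.0.0/24"),
    }

if __name__ == "__main__":
    print(simulate())
```

In this model the remote sweep costs the CEF router no punts at all, while the attached sweep punts once per address and keeps punting for the addresses that never answer ARP.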



