Extreme BlackDiamond

Mikael Abrahamsson swmike at swm.pp.se
Mon Oct 13 11:21:58 UTC 2003


On Mon, 13 Oct 2003, Andy Walden wrote:

> > I don't know of anyone else who *routes* ICMP. Yes, ICMP packets destined
> > for the router, but Extreme actually CPU route all ICMP packets passing
> > thru.
> 
> I'm not 100% sure what you're trying to say above, but all I'm referring to
> is packets destined towards the device itself.

Which I was not.
 
> Maybe, maybe not. It could be more granular than that, which would allow
> for additional functionality based on other fields in the IP header. Every

It isn't. The ipfdb is basically a DestIP, port and mac address in its 
purest form. This is the default.

> Also, the original question was about switching. For layer-2 flows with
> unique MAC addresses reach the CPU as well? Probably.

It would in basically all switches I know of.
 
> Have you tested this? I'm always interested in different vendor's flow
> setup rates.

Well, empirical studies say that "clear ipfdb" on a full ipfdb table makes 
the switch become unresponsive and fully occupied with ipfdb entry 
creation for something like 10-40 seconds. No, I have not measured it more 
closely than that.
 
> I'm not sure this would make sense. How would the device know to drop or
> forward the packet if a flow, even if it is a drop flow, hasn't been
> created?

Because the ACLs aren't applied to flows but are matched separately before 
a forwarding decision has been made. Think of it as a PXF grid that does 
things before the CPU.

As far as I know they do this:

L3 packet comes in.
It's matched for ACL (ACLs are used for QoS stuff as well)
matched for policy routing
after this, it's checked in the ipfdb and if it's not found then punted to 
the CPU. If it's an ICMP packet it's always punted to the CPU.

So dropping packets is all done in ASIC.

-- 
Mikael Abrahamsson    email: swmike at swm.pp.se
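
The lookup order described in the message above, modelled as an added example (not part of the original post and not vendor code), to show which packets reach the CPU with an empty versus a populated ipfdb. Assumptions: the ipfdb is keyed by destination IP only, the CPU installs an entry after a miss, ICMP punts install nothing, and the policy-routing step is left out; the sample packets and the deny rule are constructed.

```python
from collections import Counter

# Constructed sample traffic: (src, dst, proto), documentation addresses only.
SAMPLE = [
    ("198.51.100.7", "192.0.2.10", "tcp"),
    ("198.51.100.7", "192.0.2.10", "tcp"),
    ("198.51.100.7", "192.0.2.10", "icmp"),
    ("203.0.113.5", "192.0.2.20", "udp"),
    ("203.0.113.5", "192.0.2.21", "icmp"),
    ("198.51.100.8", "192.0.2.11", "tcp"),
    ("198.51.100.9", "192.0.2.10", "udp"),
]
# Hypothetical deny ACL: one predicate per rule.
DENY = [lambda src, dst, proto: src == "203.0.113.5"]


def classify(packets, deny_acl, ipfdb=()):
    """Return (Counter of outcomes, resulting ipfdb) for a packet sequence."""
    ipfdb = set(ipfdb)  # copy, so the caller's table is not modified
    outcome = Counter()
    for src, dst, proto in packets:
        # ACLs are matched first, before any forwarding decision.
        if any(rule(src, dst, proto) for rule in deny_acl):
            outcome["asic_drop"] += 1
            continue
        # (Policy routing would be matched here; omitted from this model.)
        # ICMP is always punted, whether or not an entry exists.
        if proto == "icmp":
            outcome["cpu_punt_icmp"] += 1
            continue
        if dst in ipfdb:
            outcome["asic_forward"] += 1
        else:
            # Miss: punt to CPU, which (assumption) installs the entry.
            outcome["cpu_punt_miss"] += 1
            ipfdb.add(dst)
    return outcome, ipfdb


if __name__ == "__main__":
    cold, table = classify(SAMPLE, DENY)         # table just cleared
    warm, _ = classify(SAMPLE, DENY, table)      # same traffic, entries present
    print("empty ipfdb:", dict(cold))
    print("warm ipfdb: ", dict(warm))
```

Denied packets never appear in either CPU counter, and only the miss counter changes between the two runs.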



