Vyatta as a BRAS

Dobbins, Roland rdobbins at arbor.net
Wed Jul 14 07:39:50 CDT 2010

On Jul 14, 2010, at 7:01 PM, <Valdis.Kletnieks at vt.edu> <Valdis.Kletnieks at vt.edu> wrote:

> But as others have stated, the 7206 has at least some hardware acceleration,

Unfortunately, said statements are factually incorrect.  7200s have no hardware acceleration of any type whatsoever.

from <http://www.cisco.com/en/US/prod/collateral/routers/ps341/product_data_sheet0900aecd8047177b.html>:


'1.67-GHz Motorola Freescale 7448 processor'

> so it's *not* a router that uses *only* centralized general-purpose CPUs.

Actually, it is.  Same with ISRs.

from <http://www.cisco.com/en/US/prod/collateral/routers/ps10538/qa_c67_553891_ps10536_Products_Q_and_A_Item.html>

Note the 'Multicore Processor' line-item - singular.

The SREs for the ISR2s do each contain their own Intel x86 processor - so, the ISR2 models which can take SREs are distributed platforms, but aren't hardware-based in the sense that they contain high-performance forwarding chips.  The processors in the SREs are used to run applications on-board the router itself - so, they're kind of like special-purpose servers on a card, rather than high-performance linecards as one finds in higher-end platforms.

> So basically, your definition of "hardware based" router is "one that has enough
> FPGAs to not tank under some arbitrary workload". Not very useful, that.

It's extremely useful to differentiate routers which have special-purpose forwarding hardware from those which don't, as the latter crumble quite quickly when packeted.  If you don't believe me, run some tests of your own with purely software-based routers, such as 7200s, and then with a hardware-based router such as an ASR1K, ASR9K, GSR, CRS-1, N7K, what-have-you.

I've seen this divergent behavior between software-based and hardware-based platforms time and time again in real, live production networks, during real, live attacks.  It isn't something which can simply be dismissed by semantic hairsplitting.

And it's not *my* definition - 'hardware-based' vs. 'software-based' are the terms to describe these two fundamental architectural classes of router *within Cisco itself*.

> Let's face it Roland - it's a continuum from hardware to software, and in many
> places it's downright murky which it is. Is the CRS-1 hardware or software?

Hardware, obviously - it has special-purpose NPUs on the linecards, along with special-purpose ASICs, and TCAMs.  

> Lots of custom hardware in there - but lots of processing cores that look suspiciously like software engines too.

There's a world of difference in packet-handling mechanisms and sheer performance between a 7200 and a CRS-1, or a GSR, or a CRS-3, or Juniper T-series - and not just one of 'more, faster processors', but of fundamental architecture.  This is why 'hardware-based' vs. 'software-based' is a useful distinction; again, note that within Cisco, these are the common terms used to describe these general classes of device, with 7200s and ISRs being termed 'software-based', and the other models mentioned above described as 'hardware-based'.

Anyway, enough on this topic.  If folks wish to continue to deploy software-based routers at the edges of their networks, then they oughtn't to be surprised or dismayed when said software-based routers fall over under relatively small amounts of packeting, either deliberate attacks or as the result of misconfiguration, et al.  If, on the other hand, they prize availability, then investing in hardware-based platforms and then configuring said hardware-based routers with the appropriate BCPs greatly reduces the risk of such an occurrence.

Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

    Injustice is relatively easy to bear; what stings is justice.

                        -- H.L. Mencken
