scaling linux-based router hardware recommendations
Joe Greco
jgreco at ns.sol.net
Tue Jan 27 00:18:01 UTC 2015
> I know that specially programmed ASICs on dedicated hardware like Cisco,
> Juniper, etc. are going to always outperform a general purpose server
> running gnu/linux, *bsd... but I find the idea of trying to use
> proprietary, NSA-backdoored devices difficult to accept, especially when
> I don't have the budget for it.
>
> I've noticed that even with a relatively modern system (supermicro with
> a 4 core 1265LV2 CPU, with a 9MB cache, Intel E1G44HTBLK Server
> adapters, and 16gig of ram), you still tend to get a high percentage of
> time working on softirqs on all the CPUs when pps reaches somewhere
> around 60-70k, and the traffic approaching 600-900mbit/sec (during a
> DDoS, such hardware cannot typically cope).
>
> It seems like finding hardware more optimized for very high packet per
> second counts would be a good thing to do. I just have no idea what is
> out there that could meet these goals. I'm unsure if faster CPUs, or
> more CPUs is really the problem, or networking cards, or just plain old
> fashioned tuning.
10-15 years ago, we were seeing early Pentium 4 boxes capable of moving
100Kpps+ on FreeBSD. See for example

http://info.iet.unipi.it/~luigi/polling/

Luigi moved on to Netmap, which looks promising for this sort of
thing.

https://www.usenix.org/system/files/conference/atc12/atc12-final186.pdf

I was under the impression that some people have been using this for
10G routing.

Also I'll note that Ubiquiti has some remarkable low-power gear capable
of 1Mpps+.
... JG
--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.