ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms

• Previous message (by thread): ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms
• Next message (by thread): ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Töma Gavrichenkov
> Sent: Friday, March 8, 2019 5:07 PM
> 
> On Fri, Mar 8, 2019 at 7:48 PM Saku Ytti <saku at ytti.fi> wrote:
> > Why do you think it would be expensive? It's cheaper than how ECMP is
> > done for L3 keys, because you just read the flow label and not
> > calculate any hash.
> 
> The most honest answer would be: I have no idea. That's just what I've seen,
> rather briefly though, as we weren't going to investigate that part at the
> time.
> 
> It's been a while since then, and maybe there was a mistake on our side (at
> least within a perfectly academic context I must assume that there was, as
> there was no peer review — we were not in academy after all!), but I'm still
> inclined to, first, see the benchmarks of any proposed piece of hardware
> that's promising you ECMP with flow labels, second, make any statements
> about the latter.
> 
We did this exact testing a while back on Juniper 2nd and 3rd gen PFEs.
The results showed it doesn't matter a tiny bit whether you do 5-tuple hash or use flow label.
So the bottom line is on modern NPUs it doesn't really matter. 
 

adam

• Previous message (by thread): ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms
• Next message (by thread): ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]