uPRF strict more

Jean St-Laurent jean at ddostest.me
Wed Sep 29 20:24:06 UTC 2021


I understand better why some prefer ACL vs uRPF.

For sure, forwarding 400 Gbps of 80B frames is a sign that something bad is happening. 😉

Jean

-----Original Message-----
From: brad dreisbach <bradd at ntt.net> 
Sent: September 29, 2021 4:18 PM
To: Jean St-Laurent <jean at ddostest.me>
Cc: 'brad dreisbach' <bradd at us.ntt.net>; 'Phil Bedard' <bedard.phil at gmail.com>; 'North American Network Operators' Group' <nanog at nanog.org>
Subject: Re: uPRF strict more

On Wed, Sep 29, 2021 at 04:07:19PM -0400, Jean St-Laurent wrote:
>Thanks a lot for sharing.
>
>So 100 Gbps at line rate with 80B frames is about ~150 Mpps.
>
>100 Gbps at line rate with 208B frames is about ~60 Mpps.
>
>It's a significant penalty.

and keep in mind the 4x100 card is 1 port per NPU. they make an 8x100 where the NPUs are shared. it gets even worse. not to single out cisco, this is just how urpf works. juniper had similar penalties, i just can't find the numbers.

-b

>
>Jean
>
>-----Original Message-----
>From: brad dreisbach <bradd at us.ntt.net>
>Sent: September 29, 2021 3:33 PM
>To: Jean St-Laurent <jean at ddostest.me>
>Cc: 'brad dreisbach' <bradd at us.ntt.net>; 'Phil Bedard' 
><bedard.phil at gmail.com>; 'North American Network Operators' Group' 
><nanog at nanog.org>
>Subject: Re: uPRF strict more
>
>On Wed, Sep 29, 2021 at 02:54:43PM -0400, Jean St-Laurent wrote:
>>Hi Brad,
>>
>>I'd be interested to hear more about this pps penalty. Do we talk about 5% penalty or something closer to 50%?
>>
>>Let me know if you still have some numbers close to you related to PPS with uRPF loose.
>
>iirc, strict vs loose doesn't matter, it's still an extra lookup which affects the performance. i was able to find some numbers to give an example.
>
>the 4x100G tomahawk card was able to pass min frame size (which iirc on ixia is 80B) at line rate with no features enabled. turn on uRPF and it is only able to pass 208B frames at line rate.
>
>similar results were seen with several generations of cisco and juniper line cards (if i tested nokia i can't recall, we had stopped doing urpf when they were introduced into the network).
>
>-b
>


