nanog mailing list archives

Re: Extreme BlackDiamond


From: Andy Walden <andy () tigerteam net>
Date: Sun, 12 Oct 2003 23:36:05 -0500 (CDT)


On Mon, 13 Oct 2003, Mikael Abrahamsson wrote:


On Mon, 13 Oct 2003, Shazad - eServers wrote:

How are these for CORE SWITCHES (distribution) compared to BigIron and the
CISCO 6509?
From what I have heard and reports they are very solid switches.

Some things to know about them:

They use CPU to route ICMP just like all Extreme equipment (makes it
harder to diagnose network trouble using ICMP).

Actually, as far as I know, all switches and routers use the CPU to
process ICMP. It is a control protocol and the safest option is to ensure
the vendor has implemented some sort of CPU rate-limiting so it can't be
overwhelmed.

They're very quick and stable when it comes to forwarding traffic that has
a normal pattern, but they do not perform well when it comes to handling
stuff like DoS attacks that generate packets that are not in its ipfdb.
The last months' virus attacks have not been fun to us (both the ICMP and
the scanning from infected customers and our aggregates being scanned from
infected internet hosts).

This is the kicker and real question: does it require the CPU to forward
regular traffic? I believe the answer is yes, the Extreme is a flow-based
architecture and the first packet of each unique flow (however it is
defined) will need to be processed by the CPU. This is why the problems
described above occur. The alternative is a packet-based architecture and
does not rely on the CPU for forwarding. It doesn't take a lot of packets
to overwhelm any CPU.

They do everything in hardware when it comes to access lists, QoS etc.
Either it does it in ASIC without performance impact or not at all.

Assuming the CPU doesn't have to process the first packet before it
reaches the ACL, QoS policy, etc.

andy
--
PGP Key Available at http://www.tigerteam.net/andy/pgp
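
Added example (not part of the original message or thread): a toy Python model of the flow-based forwarding behaviour discussed above, where the first packet of each new flow is punted to the CPU before later packets are forwarded in hardware. The capacity figure, queue limit, flow keys and function names are assumptions chosen for illustration, not vendor numbers.

```python
# Toy model of a flow-based forwarding path (constructed illustration).
from collections import deque

CPU_SETUPS_PER_TICK = 100   # assumed slow-path capacity: flow setups per tick
PUNT_QUEUE_LIMIT = 500      # assumed depth of the queue toward the CPU

def simulate(ticks_of_packets):
    """Each packet is represented by its flow key. Returns counters for
    packets forwarded in hardware, punted to the CPU, and dropped because
    the punt queue was already full."""
    flow_table = set()      # stands in for the hardware flow table (ipfdb)
    punt_queue = deque()
    stats = {"hw_forwarded": 0, "punted": 0, "dropped": 0}
    for packets in ticks_of_packets:
        for key in packets:
            if key in flow_table:
                stats["hw_forwarded"] += 1      # known flow: no CPU involved
            elif len(punt_queue) < PUNT_QUEUE_LIMIT:
                punt_queue.append(key)          # first packet: needs the CPU
                stats["punted"] += 1
            else:
                stats["dropped"] += 1           # CPU path saturated
        # The CPU installs a bounded number of new flows per tick.
        for _ in range(min(CPU_SETUPS_PER_TICK, len(punt_queue))):
            flow_table.add(punt_queue.popleft())
    return stats

def normal_traffic(ticks=10, flows=50):
    # Constructed sample: the same 50 flows send one packet every tick.
    return [[("flow", f) for f in range(flows)] for _ in range(ticks)]

def scan_traffic(ticks=10, pkts_per_tick=1000):
    # Constructed sample: every packet targets a never-seen destination,
    # so every packet misses the flow table.
    return [[("scan", t, i) for i in range(pkts_per_tick)] for t in range(ticks)]

if __name__ == "__main__":
    print("normal:", simulate(normal_traffic()))
    print("scan:  ", simulate(scan_traffic()))
```

With the normal pattern only the first packet of each flow touches the CPU; with the scan pattern every packet does, and the punt queue stays full, so any genuinely new flow arriving at the same time competes for the same bounded setup capacity.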

