RE: CIsco 7206VXR w/NPE-G1 Question

[sthaug () nethelp no]

> Keep in mind, 72xx is still flow-based, so you need to count *both* shared 
> fabric capacity (aka PCI buses) and capacity of NPE to establish flows 
> (aka pps rate).

Why do you say it is flow-based? You *do* use CEF, don't you? In which
case 7200 with NPE-G1 is a prefix-based architecture, with software
forwarding.

> NPE-G1 might probably route 3*GE, without any services and if all 3GE are 
> in a single flow, but will melt down at a face of one-packet-per-flow DDoS 
> (read: "Nachi" worm) at a far lower rate (I'd be surprised if it sustains 
> 200kpps DDoS traffic, which can be as low as 150Mbit bandwidth). 

It's the pps that counts, not whether it is one packet per flow or many.
We actually tested NPE-G1 a bit today with small (64 byte) packets, and
we reached considerably higher pps numbers.

Steinar Haug, Nethelp consulting, sthaug () nethelp no