nanog mailing list archives

Re: Attacking on Source Port 0 (ZERO)

From: "Dobbins, Roland" <rdobbins () arbor net>
Date: Tue, 16 Oct 2012 02:47:24 +0000


On Oct 16, 2012, at 8:57 AM, Ryan Malayter wrote:

10G+ forwarding with minimum packet sizes is possible on a single core using optimized kernels (see Intel DPDK and 
PF_RING DNA).


Of course it isn't.  You can *approach* 10gb/sec with multiple cores and minimum packet sizes, granted.

You don't need to handle more packets than you can possibly receive over your interfaces.


Yes, you do, because forwarding 64-byte packets at 'line-rate', whilst very important, isn't the only metric.

I know all about the forwarding capabilities of modern general-purpose CPUs, ring-buffers, et. al.  I know what is 
possible, and what isn't possible.  And please, no more from the Vyatta crowd, et. al. - they're like the s/Flow 
shouters, only more so.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>

          Luck is the residue of opportunity and design.

                       -- John Milton

Current thread:

Attacking on Source Port 0 (ZERO) Shahab Vahabzadeh (Oct 14)
- Re: Attacking on Source Port 0 (ZERO) Dobbins, Roland (Oct 14)
  - Re: Attacking on Source Port 0 (ZERO) Shahab Vahabzadeh (Oct 14)
    - Re: Attacking on Source Port 0 (ZERO) Nick Hilliard (Oct 14)
    - Re: Attacking on Source Port 0 (ZERO) Dobbins, Roland (Oct 14)
    - Re: Attacking on Source Port 0 (ZERO) Dobbins, Roland (Oct 14)
    - Re: Attacking on Source Port 0 (ZERO) Ryan Malayter (Oct 15)
    - Re: Attacking on Source Port 0 (ZERO) Dobbins, Roland (Oct 15)
    - Re: Attacking on Source Port 0 (ZERO) Steven Noble (Oct 15)
- <Possible follow-ups>
- Re: Attacking on Source Port 0 (ZERO) Scott Weeks (Oct 14)