Presuming you do your IPv4 and IPv6 routing separately...
For IPv4, an interval-treemap from uint32-pair intervals to uint8 output ports fits into the default memory config of a PC from 1994; and each lookup into said tree resolves in nanoseconds, even on a machine of the era — esp. for tree-node pages that are hot in CPU cache.
And for IPv6, the tree could grow a lot larger, since the intervals are, per se, "uint128"-pairs... but there just aren't that many extant IPv6 routes yet, so the table is actually small in practice.
What are the constraints on the problem that I'm missing?
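An added worked example (not from the thread) of the interval map described above, in Python: overlapping CIDR prefixes are flattened into disjoint uint32 intervals so that a lookup is one binary search, and longer prefixes take precedence as in longest-prefix matching. The routing table and port numbers are constructed sample values.

```python
import bisect
import ipaddress

# Constructed sample routing table (not from the thread): CIDR prefix -> output port.
# Longest-prefix match wins, so 10.1.0.0/16 overrides 10.0.0.0/8 inside its range.
ROUTES = {
    "0.0.0.0/0": 1,        # default route
    "10.0.0.0/8": 2,
    "10.1.0.0/16": 3,
    "10.1.5.0/24": 4,
    "192.168.0.0/16": 5,
}

def build_interval_map(routes):
    """Flatten overlapping prefixes into disjoint [start, end] uint32 intervals.

    Returns (starts, ends, ports): parallel lists sorted by start, so a lookup is
    a single bisect over `starts`. Each entry costs two uint32s plus a uint8 port.
    """
    # Apply shorter prefixes first so more specific ones overwrite them.
    nets = sorted(((ipaddress.ip_network(p), port) for p, port in routes.items()),
                  key=lambda np: np[0].prefixlen)
    intervals = []  # [start, end, port] triples, always kept disjoint
    for net, port in nets:
        lo, hi = int(net.network_address), int(net.broadcast_address)
        new = []
        for s, e, p in intervals:
            if e < lo or s > hi:
                new.append([s, e, p])           # no overlap: keep unchanged
            else:
                if s < lo:
                    new.append([s, lo - 1, p])  # remainder left of the new prefix
                if e > hi:
                    new.append([hi + 1, e, p])  # remainder right of the new prefix
        new.append([lo, hi, port])
        intervals = sorted(new)
    starts = [s for s, _, _ in intervals]
    ends = [e for _, e, _ in intervals]
    ports = [p for _, _, p in intervals]
    return starts, ends, ports

def lookup(table, addr):
    """Return the output port for `addr`, or None if no interval covers it."""
    starts, ends, ports = table
    a = int(ipaddress.ip_address(addr))
    i = bisect.bisect_right(starts, a) - 1   # last interval starting at or before a
    if i >= 0 and starts[i] <= a <= ends[i]:
        return ports[i]
    return None

TABLE = build_interval_map(ROUTES)
```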
Another thing is that the thing is somewhat old and designed by Cisco, who will not go out of their way to produce something that makes it obvious that their product can be replaced by an x86 box running Linux. And good luck making an x86 box that has 720Gbps bandwidth and 144 ethernet ports. There is a question of exactly what is the real world practical application for a 48 port gigabit linecard (there even is a PoE option, a 6500 in the right config can provide kilowatts of PoE) in a router that can speak BGP, but well, you can build such a thing from a 6500.
I assume the supervision card is prompted over some wire protocol by the ASICs in the switches for routing decisions, and responds back to them with a predictable delay. To achieve parity with the existing supervision card, it "only" needs to emit 30MM one-byte(!) decisions per second. I.e. a top-line input rate of 3840Mbps (for IPv6), and a top-line output rate of 240Mbps.
Basically, it confuses me why you can't slap such a "supervision card" together by taking a modern 8-core single-board computer that can fit the entire routing table into L2 cache on each core, and has a PCI-e socket; plugging an Infiniband card or whatever into it; and then running an RTOS on it.
Heck, when you think about it, SBCs are so cheap compared to a single used sup720-XL, that you could cluster them inside your router, with each supervision shard taking routing-decision load from 1/Nth of the ASICs.
This router was released in 2005, back when a CPU was lucky to have 2MB of L2 cache which had a 10ns access time. So no, you can't just have the routing table in cache. Considering a random read from memory takes in the order of 200 nanoseconds, you're not going to be able to handle that with commodity hardware.
It might be doable in 2023 - but 2023 routers are able to handle way more packets too.
Not that it changes much about your point.
Running full internet tables on an x86 server where you can only get a few Gbps up to maybe a few dozen Gbps is much easier.
If you want to forward traffic at line rate (think 10/40/100 Gbps per port), having the OS handle packets becomes a bottleneck.
Snowden: The NSA planted backdoors in Cisco products --- https://www.infoworld.com/article/2608141/snowden--the-nsa-p...
Backdoors Keep Appearing In Cisco's Routers --- https://www.tomshardware.com/news/cisco-backdoor-hardcoded-a...
Sinister secret backdoor found in networking gear perfect for government espionage: The Chinese are – oh no, wait, it's Cisco again --- https://www.theregister.com/2019/05/02/cisco_vulnerabilities...
CPUs have AES key schedule accelerator instructions for a reason now. Encrypt and authenticate your traffic.
If you lose trust in your own switching equipment then it's all over. Management network? Compromised. Segmented traffic? Compromised. IPMI/BMC interfaces? Compromised. Anybody else's malformed traffic could breach your defense, and breach the very sanctity of the traffic your network is spitting out. It doesn't matter if your computer encrypts its traffic because a breached switch can just silence it.
A company selling switches/routers/firewalls should _not_ have these liabilities, and as these liabilities are known, nobody should buy Cisco equipment, ever. Buy the equipment that you know is the safest. Don't just give up and roll over!
The problem is that the million tcam entries are split between IPv4 and IPv6, so I really ran out of space.
I was surprised to read this. I was looking into colocation services (for less than a rack) and everywhere I spoke to, including Hurricane Electric, included a set number of amps (which I assume is at 120V?).
Specifically, HE offered me 2 amps with 7U of rack space. That seemed really low to me; just one of my 2U servers with a lot of hard drives idles at around 100W, or just under 1A, and easily exceeds 2A when it's really working (which admittedly is rare, it mostly idles).
I didn't follow up to see how that is actually metered. I'd love to hear about other folks' experiences with colocating - is this common?
Creating an Autonomous System for Fun and Profit - https://news.ycombinator.com/item?id=15727115 - Nov 2017 (16 comments)
(p.s. reposts are fine after a year or so; links to past threads are just to satisfy extra-curious readers)