[AusNOG] 10G routing
Lincoln Dale
ltd at aristanetworks.com
Fri Feb 7 14:50:36 EST 2014
On Fri, Feb 7, 2014 at 1:25 PM, Alex Samad - Yieldbroker <
Alex.Samad at yieldbroker.com> wrote:
> Hi
>
> Q) am I being unrealistic to think I should be able to get 10Gb/s
> routing/firewall in a vm?
If you mean 10Gbps full duplex (tx+rx) with real-world packet sizes: yes.
very unrealistic. not even close.
If you mean 10Gbps with jumbo frames, small # of prefixes then yes its
possible.
If you want it to be capable of standing up under load of a DDoS attack of
64 byte frames: you're dreaming.
(linerate 64-byte 10G is 14.88M PPS.)
The "best" you can do on x86 hardware is around 600-800K PPS per 'core' of
most modern Intel Xeon 56xx and a multi-queue-capable NIC. So maybe 2-3M
PPS best case.
With no features other than forwarding.
Add anything interesting like sFlow, ACLs, policing/shaping etc and it
drops dramatically.
The unfortunate reality is that there is about 4 or 5 orders of magnitude
difference in performance between what 'software' on a general purpose CPU
can do and what dedicated network silicon can do for an "equvalent price"
silicon.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140207/eca3cdaa/attachment.html>
More information about the AusNOG
mailing list