[AusNOG] Cisco 6500 with Sup 720 3BXL - Good routing platform ??

Lincoln Dale ltd at cisco.com
Mon Sep 20 10:06:00 EST 2010


On 19/09/2010, at 2:44 PM, Alex Pinto wrote:

> Thanks for your comments; I was unaware of the netflow “flaws” in this product. I can see from a security point of view this would make visibility on the network on what’s going on very hard to see…

the issues that Roland is highlighting are that the hardware implementation of Netflow on PFC3x series (EARL7/EARL7.5) does not natively support sampled netflow.
things work well until such time as the netflow table is exhausted (# of concurrent flows exceeds table size), at which point the statistical accuracy of the data is questionable.
sampled netflow on the platform has limited usefulness as it's little more than software enabling and disabling h/w netflow capabilities multiple times a second.  not statistically useful for billing.
where this happens more often than not is in a DDoS attack scenario, where you have lots of small flows from often spoofed sources.

whether these are showstoppers really depends on what it is you're looking to achieve.

the C6K is a bit of a swiss army knife.  one of its best features is that it has so many features.  one of its worst features is that it has so many features.
understanding what is implemented in hardware, what is partially in hardware and what drops it to software is key to using it in a successful operational manner.


certainly we have worked hard on future iterations of the forwarding engine (EARL8 aka PFC4) as used today on Nexus series and they don't have the same kinds of issues.
the default operation on N7K is that netflow is purely used for accounting, it has true h/w sampling (N in M packets), has things like CoPP (control plane policing) enabled by default and does atomic ACL programming by default.
C6K has inherited some of these things over time too - but it has to work within the bounds of what the underlying silicon is capable of.

so is C6K better or worse than "other platforms"?  i guess it depends.  all products will have their strengths and weaknesses. if such a thing as 'utopia' existed in routers/switches, it would be at a price point that makes it unaffordable. :)
the trick is to know what the capabilities are - and limitations - and work within them.

does this make it unsuitable for your needs?  possibly.  only you can decide.
for many people it's a workhorse that has worked well over countless years.  for others, it has had its fair share of challenges.
given the sheer volume of them shipped to date, i'd say on balance that most people don't have challenges with them, or can work through said challenges.


On 20/09/2010, at 8:33 AM, Bill Walker wrote:

> With three upstream providers, you may have issues with the maximum number of routes. The 720 3BXL only supports 1 million routes, sounds like a lot but if you have three full international tables, the table isn't big enough as each one will be around 336,000 prefixes.

this is not correct.  the hardware supports 1M FIB prefixes.  routes != prefixes.
only the 'best' route is populated from the routing table (RIB) into the forwarding table (FIB).

note also that the FIB can have multiple destinations for equal-cost prefixes and that still does not consume more than 1 FIB entry.


cheers,

lincoln.
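As an added illustration of the flow-table exhaustion Lincoln describes above (this is not code from the thread or from Cisco): a toy model of a fixed-size hardware flow cache fed a spoofed-source flood, beside true N-in-M packet sampling of the same traffic. The traffic mix, cache size and sampling ratio are constructed assumptions; the cache model ignores entry ageing.

```python
from collections import Counter

# Constructed sample traffic: three legitimate flows to a web server mixed
# with a flood of single-packet flows from spoofed sources (hypothetical).
LEGIT = ["10.0.0.1->192.0.2.10:443", "10.0.0.2->192.0.2.10:443",
         "10.0.0.3->192.0.2.10:443"]


def build_traffic(flood_rounds=200, mixed_rounds=1000):
    """Every round is 6 packets. The first `flood_rounds` rounds are spoofed
    only (the flood starts before the legitimate sessions); the remaining
    rounds carry 3 legitimate packets plus 3 brand-new spoofed flows."""
    pkts, spoof_id = [], 0
    for r in range(flood_rounds + mixed_rounds):
        if r >= flood_rounds:
            pkts.extend(LEGIT)
        for _ in range(3 if r >= flood_rounds else 6):
            pkts.append(f"spoof{spoof_id}->192.0.2.10:80")
            spoof_id += 1
    return pkts


def flow_cache_accounting(packets, cache_size):
    """Fixed-size flow table (simplified, no ageing): packets of a cached flow
    are counted; a new flow is admitted only while an entry is free, so once
    the table is exhausted later flows are never accounted for at all."""
    cache = {}
    for flow in packets:
        if flow in cache:
            cache[flow] += 1
        elif len(cache) < cache_size:
            cache[flow] = 1
    return cache


def sampled_accounting(packets, n, m):
    """True N-in-M packet sampling: keep n of every m packets (systematic,
    so the stride must not alias with the traffic pattern) and scale counts
    by m/n to estimate per-flow totals."""
    counts = Counter(f for i, f in enumerate(packets) if i % m < n)
    return {flow: c * m / n for flow, c in counts.items()}


def accounting_gap(cache_size=1000, n=1, m=5):
    """Compare what each method reports for the legitimate flows."""
    pkts = build_traffic()
    actual, cached = Counter(pkts), flow_cache_accounting(pkts, cache_size)
    sampled = sampled_accounting(pkts, n, m)
    legit = lambda tbl: sum(tbl.get(f, 0) for f in LEGIT)
    return {"actual_legit": legit(actual), "cache_legit": legit(cached),
            "sampled_legit": legit(sampled), "cache_entries": len(cached)}
```

With the defaults the cache fills with 1000 spoofed flows before any legitimate session starts, so the legitimate traffic is reported as zero, while 1-in-5 sampling estimates it exactly.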

