Re: Looking for switch recommendations ...

From: Luigi Rizzo (rizzo_at_icir.org)
Date: 03/26/04

    Date: Fri, 26 Mar 2004 14:58:57 -0800
    To: Wes Peters <wes@softweyr.com>
    
    

    On Fri, Mar 26, 2004 at 02:25:34PM -0800, Wes Peters wrote:
    ...
    > In the Xylan (now Alcatel) second-generation switches (The "X-Frame"
    > backplane) the switching hardware was capable of switching on the MAC
    > header *or* other predefined parts of the packet if no MAC header matches
    > were found. This feature was used to implement hardware routing (the HRE-X
    > module), allowing us to route packets between IP networks at a million
    > packets per second.

    i think you need to tell the full story, such as what was the
    limit on the routing table, and whether switching packets for
    which there wasn't a host-specific entry was slower.
    Finally, cost is not an inessential detail here... I
    pointed to an L2 switch which can switch around 2.5Mpps and
    costs Eur 60, retail...

    An L2 switch has two big advantages over an L3 switch:

    + only an exact match on the MAC address is necessary, as opposed to
      the longest prefix match which is required for a router.
      Surely you need more/different hw to do longest prefix match
      than the one needed for L2 exact match.
      Sure, you can install host-specific entries and then use an
      exact match on those, but the 'miss' case is more expensive, and
      if you want to do a worst-case rating, then you need to
      use that number;
     
    + in case of a miss, an L2 can flood all ports, a router can't
      (well, in principle even a router could do that, but i think the
      reviews wouldn't be so nice if a product did this).

    So an L2 thing is inherently cheaper as it can play tricks to
    cut costs down and still behave within the specs.

            cheers
            luigi
    _______________________________________________
    freebsd-net@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-net
    To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
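
Added example, not part of the original message: a small C model of the lookup cost the post compares, where an L2 switch does one exact match and floods on a miss, while a router tries a host-specific exact match and then falls back to longest prefix match and cannot flood. The tables, the key encoding and the probe counter (one count per exact-match lookup) are constructed assumptions for illustration, not a description of any real switch hardware.

```c
#include <stdint.h>
#include <stddef.h>

#define FLOOD (-1)  /* L2 miss: copy the frame to every port */
#define DROP  (-2)  /* L3 miss: a router cannot flood */
#define COUNT(t) (sizeof (t) / sizeof (t)[0])

struct entry { uint64_t key; int port; };

/* Models one exact-match (CAM-style) lookup; *probes counts such lookups. */
static int exact(const struct entry *t, size_t n, uint64_t key, int *probes)
{
    ++*probes;
    for (size_t i = 0; i < n; i++)
        if (t[i].key == key)
            return t[i].port;
    return -1;
}

/* Constructed sample tables (assumptions, not from the post). */
static const struct entry macs[] = {
    { 0x001122334455ULL, 1 }, { 0x0011223344AAULL, 2 },
};
/* Route key = (prefix length << 32) | network address. */
#define RT(len, net) (((uint64_t)(len) << 32) | (uint32_t)(net))
static const struct entry routes[] = {
    { RT(32, 0x0A010203), 3 },  /* 10.1.2.3/32, host-specific entry */
    { RT(16, 0x0A010000), 2 },  /* 10.1.0.0/16 */
    { RT(8,  0x0A000000), 1 },  /* 10.0.0.0/8  */
};

/* L2: a single exact match on the destination MAC, flood on a miss. */
int l2_forward(uint64_t dmac, int *probes)
{
    *probes = 0;
    int port = exact(macs, COUNT(macs), dmac, probes);
    return port >= 0 ? port : FLOOD;
}

/* L3: host-specific exact match first (len 32), then longest prefix match
 * as one more exact lookup per shorter prefix length. */
int l3_forward(uint32_t dst, int *probes)
{
    *probes = 0;
    for (int len = 32; len >= 0; len--) {
        uint32_t mask = len ? ~(uint32_t)0 << (32 - len) : 0;
        int port = exact(routes, COUNT(routes), RT(len, dst & mask), probes);
        if (port >= 0)
            return port;
    }
    return DROP;
}
```

In this model an L2 lookup costs one probe whether it hits or misses, while an L3 lookup costs one probe on a host-entry hit and up to 33 on a miss, which is the number a worst-case rating has to use.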

