Thread: RE: 10GE router resource




RE: 10GE router resource
United States
2008-03-26 12:25:08
The PIX are EoS.  Yes, they were white boxes when Cisco bought out the
original company.  The ASA's, however, are not white boxes.  That said, it
is notable that Cisco is now running their latest announced hardware,
primarily the Nexus 7000's and ASR's, run a Linux kernel and IOS on top of
that.  That doesn't make them white boxes either though.

Fred Reimer, CISSP, CCNP, CQS-VPN, CQS-ISS
Senior Network Engineer
Coleman Technologies, Inc.
954-298-1697


-----Original Message-----
From: owner-nanogmerit.edu [mailto:owner-nanogmerit.edu] On Behalf Of Lamar Owen
Sent: Wednesday, March 26, 2008 12:20 PM
To: nanognanog.org
Subject: Re: 10GE router resource


On Tuesday 25 March 2008, Aaron Glenn wrote:
> On Tue, Mar 25, 2008 at 6:15 PM, Patrick Clochesy <patrickchegg.com> wrote:
> > Very interesting study I had not seen, and a bummer. That really puts a
> > cramp in my advocation of our CARP+pf load balancers/firewalls/gateways.
> > Then again, what's a PIX box capable of?

> I'd rather tweak a whitebox than pay through the nose for a PIX.

But aren't PIXen whiteboxes internally?  I know the PIX-like LocalDirector
that was donated to us makes a very nice nBox deployment for us.

Lots of these sorts of boxes are internally whiteboxes (I'm using that term
loosely to mean an Intel-based box that could potentially run something like
a Linux or *BSD).  The second-hand Content Engine 565 I got on eBay that had
a fried power supply was just a Cisco-labeled IBM eServer xSeries 305, and
was loaded with WindowsXP when I got it.  It's running CentOS 5 now, with a
new IBM power supply in the box.  The two earlier Content Engines and two
even earlier Cache Engines I got second-hand are likewise custom Intel
hardware; PIII 800's, to be precise.  Now, they DO use ECC RAM, which most
whiteboxes won't have.  But otherwise they are customized whiteboxes, and
you're paying for the software and support.

But cisco is not alone in this.  Nomadix gateways, to use one example, are
built on custom embedded x86 systems.

What I'm waiting on is someone to take a system like a Xilinx ML410 dev board
and use the FPGA to do hardware-accelerated forwarding/filtering.  See
http://www.lynuxworks.com/board-support/xilinx/ml410.php for info on the
board.

As to PIXen performance, see the charts in
http://en.wikipedia.org/wiki/Cisco_PIX
-- 
Lamar Owen
Chief Information Officer
Pisgah Astronomical Research Institute
1 PARI Drive
Rosman, NC  28772
(828)862-5554
www.pari.edu
RE: 10GE router resource
Australia
2008-03-27 01:46:00
> That said, it
> is notable that Cisco is now running their latest announced hardware,
> primarily the Nexus 7000's and ASR's, run a Linux kernel and IOS on top of
> that.

Moore's Law may have helped software packet forwarding rates but there's still
2 to 3 orders of magnitude performance difference between hardware & software.

just to be clear about a few things:

in the case of Nexus 7K the control-plane runs atop of Linux, data-plane runs
entirely in custom packet forwarding ASICs distributed on the I/O (linecard)
modules.  N7K never drops to "software forwarding".  the first forwarding
engine in N7K does 60M PPS with all features enabled.  i.e. you could be
performing ACLs on port, VLAN & routed on both ingress & egress, doing netflow,
policing, QoS, whatever - it's still 60M PPS.

you'll see that pps numbers scale upwards as the product progresses through its
roadmap.


Cisco doesn't make any secret of N7K running atop of Linux, the reality is that
it doesn't have to be Linux, it could be any SMP/multi-threaded capable
POSIX-compliant kernel, it just so happens that Linux makes sense for a variety
of reasons.

Also, perhaps pedantic but just to be absolutely clear: N7K doesn't run on IOS,
it runs on NX-OS.


ASR is slightly different, it can perform packet processing in software (IOSd)
however that is really only meant for things that don't make sense to implement
in what is now called the QuantumFlow programmable processor.  e.g. if you
needed your AppleTalk or Vines running at millions of packets/second, then i'd
argue you have bigger problems.


cheers,

lincoln.


