On Fri, 19 Jun 2020 at 14:23, Benny Lyne Amorsen via cisco-nsp <[email protected]> wrote:
> Per-packet overhead is hefty. Is that a problem today? For us it is in DDoS scenario, we have customers whose product is to ingest DDoS and send clean out, so we need to deliver the bad traffic to them. With large per-packet overhead attacker gets huge leverage, as they inject pure IP, then we add overhead, and we need that overhead capacity everywhere to transport it. I'd say the fundamental metrics are a) tunnel must be LEM only on a small on-chip database b) tunnel header must be narrow c) tunnel header must be transistor cheap to parse (wattage, yield) d) all traffic in core must be tunneled -- ++ytti _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
