On Oct 14, 2012, at 9:02 PM, "Dobbins, Roland" <rdobb...@arbor.net> wrote:
> > Hopefully, you have hardware-based edge devices, not just software-based > devices and (awful) stateful firewalls - the days of software-based devices > on the Internet were over years ago. Software forwarding is usually only a problem if you have the $5 CPU that Cisco puts in their $30K boxes. The overwhelming majority of edge connections are <=1Gbps. A modern x86 can handle several of these connections *per core* at minimum packet sizes with stock Linux/BSD, including ACLs. 10G+ forwarding with minimum packet sizes is possible on a single core using optimized kernels (see Intel DPDK and PF_RING DNA). You don't need to handle more packets than you can possibly receive over your interfaces.
