On 2015-05-19 14:23, Pavel Odintsov wrote:
> Hello!
> Somebody definitely should build full feature router with
> DPDK/netmap/pf_ring :)

Netmap yes. The rest no. Why? Because netmap supports libpcap, which
means everything just works. Other solutions need porting.
You are going along, someone mentions a neat new libpcap based tool on
NANOG and you want to try it out. If you've got DPDK/pf_ring, that means
you are now having to port it. That's a fair amount of effort to just
eval $COOL_NEW_TOOL.

> I have finished detailed performance tests for all of them and could
> achieve wire speed forwarding (with simple packet rewrite and checksum
> calculation) with all of them.

With what features applied? DPDK with a fairly full feature set
(firewall rules/dynamic routing/across a vpn tunnel/doing full l7 deep
packet inspection) on straight commodity (something relatively recent
gen xeon something many cores) hardware on $CERTAIN_POPULAR_RTOS seems
to max out ~5gbps from what my local neighborhood network testing nerds
tell me.
As always, your mileage will most certainly vary of course. The nice
thing about commodity boxes is that you can just deploy the same "core
kit" and scale it up/down (ram/cpu/redundant psu) at your favorite
vendor's procurement portal (oh hey $systems_purchaser, can you order a
couple extra boxes with that next set of a dozen boxes you're buying with
this SKU and take it out of my budget? Thx).
You are still going to pay a pretty decent list price for boxes that can
reasonably forward AND inspect/block/modify at anything approaching line
rate over say 5gbps. Then you have things like the Parallella board of
course with its FPGA. And you have CUDA cards. But staffing costs for
someone who has FPGA(parallel in general)/sysadmin/netadmin skills....
well that's pricy (and you'll want a couple of those in house if you do
this at any kind of scale). Or you could just contract them I suppose
(say at like $700.00 per hour or so?, which is what I'd charge to be a
one man FPGA coding SDN slinging band since it's sort of like catching
unicorns) Course you could just have your jack of all trades in house
sys/net ops person and contract coding skills as needed.
Don't think this will really save you money. It won't.
Buy a Juniper. Seriously.
(I have a 6509 in my house along with various switches/routers/wifi/voip
phones (all cisco). I'm not anti cisco by any means). But they are
expensive from what I hear. You get what you pay for though.
What it will get you, is a very powerful and flexible solution that lets
you manage at hyperscale with a unified command/control plane. It's
DEVOPS 2.0 (oooo I can fire my netadmins now like I fired my sysadmins
after I gave dev full prod access? COOL!) (Yes I'm being incredibly
sarcastic and don't actually believe that). :)
Also look at onepk from cisco. It's kinda cool if you want SDN without
having to fully build your own kit.