> > That's interesting, given that most larger routers don't support 1:1.
>
> I find that strange, because if you're doing it in HW, doing hash
> lookup for flow and adding packets and bytes to the counter is cheap.
> It's expensive having a lot of those flows, but incrementing their
> packet and byte counter isn't.
>
> I know that all JNPR Trio kit (MX, T, EX9k...) do 1:1. I guess if
> you're doing it in LC CPU things are very different.

A relevant question might be if the Trio hardware can do 1:1 while handling multiple ports of line rate DDoS traffic consisting of small packets with different port numbers (i.e. high pps traffic resulting in basically 1 flow per packet).

No, I don't know the answer (but I suspect it might be negative). Here we're using Trio hardware with 1:100 sampling, and are reasonably happy with the results.

Steinar Haug, AS2116
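
The trade-off discussed in this exchange, as an added example that is not part of either message: a software model of a flow cache fed one-flow-per-packet traffic, comparing 1:1 accounting with 1:100 random sampling. The addresses, packet sizes and function names are constructed for illustration; the model shows flow-state growth only and says nothing about what Trio hardware can sustain.

```python
import random
from collections import namedtuple

Packet = namedtuple("Packet", "src dst sport dport proto size")

def constructed_traffic(attack_pkts=100_000, legit_flows=5):
    """Constructed sample: small packets with a new source address/port pair
    each (one flow per packet), plus one packet of a long-lived flow per ten."""
    for i in range(attack_pkts):
        src = f"198.51.100.{i % 250 + 1}"
        yield Packet(src, "192.0.2.10", 1024 + i // 250, 80, 17, 64)
        if i % 10 == 9:
            n = (i // 10) % legit_flows
            yield Packet(f"203.0.113.{n + 1}", "192.0.2.10", 40000 + n, 443, 6, 1000)

def account(packets, rate, seed=1):
    """Flow cache with 1:rate random packet sampling (rate=1 means 1:1).

    Returns the number of cache entries created and the traffic totals
    estimated by scaling the sampled counters back up by the rate."""
    rng = random.Random(seed)
    cache = {}  # 5-tuple -> [packets, bytes]
    for p in packets:
        if rate > 1 and rng.randrange(rate) != 0:
            continue  # packet not sampled: no lookup, no new state
        entry = cache.setdefault(p[:5], [0, 0])  # the hash lookup
        entry[0] += 1                            # the cheap part
        entry[1] += p.size
    return {
        "entries": len(cache),  # the expensive part: state per flow
        "est_packets": sum(e[0] for e in cache.values()) * rate,
        "est_bytes": sum(e[1] for e in cache.values()) * rate,
    }

if __name__ == "__main__":
    for rate in (1, 100):
        print(f"1:{rate}", account(constructed_traffic(), rate))
```

With 1:1 the cache holds one entry per attack packet, while 1:100 keeps roughly a hundredth of that state and still recovers the aggregate volume to within sampling error.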