On Fri, Dec 2, 2016 at 11:07 AM, Christopher Morrow <morrowc.li...@gmail.com > wrote:
> On Fri, Dec 2, 2016 at 11:02 AM, Simon Lockhart <si...@slimey.org> wrote: > > > On Fri Dec 02, 2016 at 10:29:56AM -0500, Christopher Morrow wrote: > > > you'd think standard testing of traffic through the asic path somewhere > > > between 'let's design an asic!' and 'here's your board ms customer!' > > would > > > have found this sort of thing, no? or does testing only use 1 mac > address > > > ever? > > > > Well, it's actually payload, rather than src/dst MAC used for forwarding, > > so > > there's quite a few more combinations to look for... > > > > 2^(8*9216) is quite a lot of different packets to test through the > > forwarding > > path... But, wait, that assumes every bit combination for 9216 byte > > packets, > > but the packet might be shorter than that... So multiply that by > (9216-64). > > > > > but most/all forwarding asics (aside from perhaps extreme's?) only deal > with the first N bits in the header (128 or so..) so... not quite as many > right? This sounds related to the well-known (at least 10+ years) issues around guessing the type of IP packet by looking at the first nibble of the encapsulated packet. Take a quick look at RFC 7325, section 2.4.5.1 bullet 6. This is what using the pseudo-wire code-word is meant to protect against. I don't know if that's an option for networks using this. Regards, Alia > > > Anyone want to work out how many years that'd take to test, even at 100G? > > > > Simon > > >
