Re: [v6ops] WG Doc? draft-gont-v6ops-ipv6-ehs-packet-drops

[Tom Herbert <tom@herbertland.com>]

On Wed, Mar 16, 2016 at 7:36 AM, Nick Hilliard <nick@foobar.org> wrote:
> otroan@employees.org wrote:
>> that was pretty fundamentalistic. as always it depends. if you're
>> happy with a few 100Gs then you can do it on current commodity
>> hardware.
>
> which in turn depends completely on what features are enabled. in/out
> packet forwarding is simple and can be done fast on commodity hardware
> with software forwarding. When you turn on the sort of features that
> you need on production networks (netflow, qos, filtering, etc)
> forwarding throughput drops dramatically.
>
But if we turn on the "wrong" features like the aforementioned EH's,
IP options, checksum in UDP encapsulation, or use some protocol that a
hardware device isn't designed for-- we can just as easily cause
packet forwarding throughout to drop in HW devices.

For basic packet forwarding (e.g. fabric switches) we'll still happily
use hardware, but flow based ECMP must be supported in these which is
why the flow label support in HW is critical. For more advanced
filtering, load balancing,  ddos mitigation we (large data center
operators at least) are trending toward software solutions on
commodity HW. Even if there is some performance difference with an
equivalent HW solution in terms of features, extensibility and lower
cost are driving factors.

In any case, on the Internet I don't think the differences between HW
and SW solutions are germane. We are bound to the least common
denominator which advances much more slowly than production networks.
Processing an unbounded chain of EHs is probably a problem for anyone
at this point.

Tom