On Mon, Aug 11, 2008 at 01:14:53PM +0200, Marco Fretz wrote:
>> How odd. I know at least one site that runs all of their BGP off of
>> OpenBGP on OpenBSD boxes that are dedicated as routers. In all cases,
>> these systems outperform the equivalent Cisco hardware for a fraction
>> of the cost.
>
> Forget this. Cisco does CEF (cisco express forwarding) that's stream
> forwarding in hardware. You don't have a chance to reach this PPS with a
> pc / server based router (any os).

However, this only applies to best case traffic; the hardware path does not handle all possible cases, and corner cases are shunted to the underpowered CPU for special handling. An attacker can take advantage of this and overwhelm a "hardware" router with far fewer packets than their marketing glossies would have you believe, so in order to get your desired performance in all situations you have to go with a much bigger system. One nice thing about "software" routers is that the spread between their best case and worst case performance is much narrower, so they are easier to size and test.