> > Keep in mind, 72xx is still flow-based, so you need to count *both*
> > shared fabric capacity (aka PCI buses) and capacity of NPE to
> > establish flows (aka pps rate).
>
> Why do you say it is flow-based? You *do* use CEF, don't you? In which
> case 7200 with NPE-G1 is a prefix-based architecture, with software
> forwarding.

Thanks for correction, yes, you are right, of course, that was a 'thinko'.

To those watching on sideline: flow-based means router's performance is based on number of flows established, and first packet of each 'flow' is processed differently [slower] from all other within the flow, and things like nachi will kill it.

> > NPE-G1 might probably route 3*GE, without any services and if all 3GE are
> > in a single flow, but will melt down at a face of one-packet-per-flow DDoS
> > (read: "Nachi" worm) at a far lower rate (I'd be surprised if it sustains
> > 200kpps DDoS traffic, which can be as low as 150Mbit bandwidth).
>
> It's the pps that counts, not whether it is one packet per flow or many.
> We actually tested NPE-G1 a bit today with small (64 byte) packets, and
> we reached considerably higher pps numbers.

I'm curious, what pps did you manage to get?

-alex
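
A capacity model of the flow-based versus prefix-based distinction discussed in this thread, added here as an example and not part of the original messages. The per-packet costs, cache size and traffic patterns are assumptions chosen for illustration, not measurements of any router.

```python
from collections import OrderedDict

# Assumed per-packet costs in microseconds (illustrative, not measured on any router).
MISS_US = 20.0    # first packet of a flow: full lookup plus cache entry setup
HIT_US = 1.0      # later packets of an already cached flow
PREFIX_US = 2.0   # prefix-based lookup: same cost for every packet

def flow_based(packets, cache_size):
    """Return (sustained pps, cache misses) for a flow-cache forwarder with LRU eviction."""
    cache, busy_us, misses = OrderedDict(), 0.0, 0
    for flow in packets:
        if flow in cache:
            cache.move_to_end(flow)          # refresh LRU position
            busy_us += HIT_US
        else:
            misses += 1
            busy_us += MISS_US
            cache[flow] = True
            if len(cache) > cache_size:
                cache.popitem(last=False)    # evict least recently used flow
    return len(packets) * 1e6 / busy_us, misses

def prefix_based(packets):
    """Sustained pps when every packet costs one prefix lookup, whatever flow it is in."""
    return len(packets) * 1e6 / (len(packets) * PREFIX_US)

# Constructed traffic: 100 long-lived flows, a sweep with one packet per flow,
# and the two interleaved packet by packet.
normal = [("client", i % 100) for i in range(10_000)]
sweep = [("sweep", i) for i in range(10_000)]
mixed = [p for pair in zip(normal, sweep) for p in pair]

if __name__ == "__main__":
    for name, pkts in (("normal", normal), ("sweep", sweep), ("mixed", mixed)):
        pps, misses = flow_based(pkts, cache_size=100)
        print(f"{name:6} flow-based {pps:9.0f} pps ({misses} misses), "
              f"prefix-based {prefix_based(pkts):9.0f} pps")
```

In the mixed case the sweep evicts the long-lived flows from the cache, so the legitimate traffic also pays the first-packet cost on every packet, while the prefix-based figure does not change with the flow mix.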