[FoRK] [Pigdog] if you're not checking out cjdns, you should be

Eugen Leitl eugen at leitl.org
Sun Oct 7 08:41:41 PDT 2012

----- Forwarded message from Miles Nordin <carton at Ivy.NET> -----

From: Miles Nordin <carton at Ivy.NET>
Date: Sun, 07 Oct 2012 11:33:46 -0400
To: pigdog at lists.pigdog.org
Subject: Re: [Pigdog] if you're not checking out cjdns, you should be
User-Agent: T-gnus/6.17.2 (based on No Gnus v0.2) SEMI/1.14.6 (Maruoka)
	FLIM/1.14.7 (Sanjō) APEL/10.6 Emacs/21.4
	(alpha--netbsd) MULE/5.0 (SAKAKI)
Reply-To: The Pigdog mailing list <pigdog at lists.pigdog.org>

>>>>> "el" == Eugen Leitl <eugen at leitl.org> writes:

    el> removes central address allocation (by using IPv6's
    el> FC00::/8) by random address generation

I missed the part about tying the visible address to the crypto.  a
lot of VPN's are shockingly weak aroudn endpoint-binding, so that's

    el> The core logic is castable to an ASIC, and doesn't need
    el> expensive (CAM) route memory of current core routers.

let me guess, there's a small population of "expensive" packets, but
they're outnumbered 10000:1 by "cheap" packets so we can ignore them
for performance reasons.  This is flow forwarding (Riverstone,
Extreme), and it's one of the Failed Dreams of routing because it
turns out DDoSers like to send packet mix that's 100% "expensive"
(either by coincidence, or once they figure out it breaks your shit).

Also, I should repaste humble's "MPLS in practice" rant:
Actually it's somewhat ironic, but many modern routers actually incur additional overhead when doing MPLS lookups vs straight IP lookups. For example, the iconic Cisco 6500/7600 series that powers a large amount of the Internet has a 33% overhead (bringing centralized lookup capacity down from 30Mpps to 20Mpps) when doing an MPLS lookup. The "do the lookup only once at the edge then tag the packet" reason behind MPLS' initial development was a 1998 era problem which has since been totally eliminated. The reason people use MPLS today are:

1) Traffic engineering (since you can dictate the entire path at the ingress point, and allocate LSPs onto paths with available bandwidth).
2) Converged data transport over the same infrastructure as your IP network.
3) Faster failover response, since MPLS lets you "pre-calculate" a backup path for every possible link and node failure and push that backup path into your routing hardware. That way, when a fiber gets cut or a router blows up in your face, every router doesn't have to scramble to calculate a backup, it already knows exactly where to go.
humble226 @ Aug 10th 2009 5:31PM

I'm sort of being contrary.  It's not dumb to have label-swap core,
sounds more than average well-thought.  ...but, again, if "problem
being solved" is "AT&T engineers would jump on any platform that
didn't require them to learn MPLS and just 'autoconfigured' shit if it
had even a few of the same properties," does not seem sane/realistic.
They probably like their learning curve because they're on the top of
it with a big pile of money.  And MPLS does other things than avoid
CAM.  And avoiding CAM isn't as important as we thought it would be
(the true purpose of IPv6 was to shrink CAM footprint.  now, no one
cares bout that reason.).

( || )

Pigdog mailing list
Pigdog at lists.pigdog.org

----- End forwarded message -----
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

More information about the FoRK mailing list