[arin-ppml] A challenge to the assumption that a big DFZ is a problem

Michel Py michel at arneill-py.sacramento.ca.us
Tue Dec 15 01:02:03 EST 2009

> Ted Mittelstaedt wrote:
> Today I can walk into the store and purchase a PC that has a CPU
> in it that runs at a clock speed of at least 10 times of
> most routers, and has at least 10 times the amount of ram, for
> a quarter of the cost of the annual service contract for most
> DFZ routers  (let alone the hardware cost)

I'm sorry, but you have no idea how a core router actually works. I will
try to make a comparison with a device that you may actually have seen.

In my laptop bag, I carry this switch:
It's a $100 device, 8W power. It's my sniffing switch. I picked it
because it has port monitoring and other features such as ACLs.

You can't even build a PC that does this today. Toss anything you want
in the box: DDR3 1066, Dual quad-core, 2x quad GigE (or 4x dual GigE)
NICs, 16x PCIExpress cards if you like, any way you do it you have an
800W $4,000 large box that won't remotely do what the smallest commodity
consumer $100 product does. As of today, no PC will do 16 Gbps
forwarding with ACLs or port monitoring.

The difference is: the switch does it in HARDWARE. I don't know what
kind of CPU there is in that specific unit, but it's in the same class
as a web-enabled refrigerator.
A DFZ router is the same, except that the problem is 1000 times worse:
not only is there BGP to deal with (instead of a simple MAC address
match), but a large router can have hundreds of ports as well.

There is a reason why Cisco and Juniper still sell these multi-million
dollar routers. They work (mostly). If someone had found a way to
replace a CRS-1 or a T1600 with a PC, Cisco and Juniper would be out of

Please, I understand this is a public mailing list but these sci-fi
theories about having a PC that can't even emulate a $100 switch replace
a core router, give me a break.
