Glen Turner gdt at gdt.id.au
Wed Dec 17 10:22:00 EST 2008

From a design point of view it's a useless number.

Let's pretend to be an ISP happy to implement filtering.

Can you select a router based on its ability to filter
10,000 URLs?  No, because the government isn't limiting
itself to that number.  If you select hardware based
on 10,000 and performance folds at 50,000 then if the
list grows to 50,000 then you've blown at least $5m.

What would have been a useful design number would be
a ceiling to the number of URLs the government
will attempt to block.

Also note that routers aren't set up to deal with these
sorts of numbers.  It's going to have to be speciality
code in a forwarding-plane CPU, so 300-600Mbps throughput
per CPU, with a practical limit of about 6 CPUs per chassis.
Even that's being generous, since those 6 CPUs will occupy
about 3 to 6 slots, leaving precious few slots to be
occupied by interface cards (and interface cards are the
whole point of a router).

What the government are testing *isn't* what any sane
ISP would deploy.

The form factor is all wrong. PC form factors aren't
good routers. By the time you beef them up with hot
swap and redundant everything you've paid more than
for a router.  Yet the government testing is very
focussed on PC form factors.

The software is all wrong.  These things are going to
sit in the forwarding plane. That is, they will need
to run a routing protocol, so outages can be detected
and routed around.  The government isn't even requiring
the offered software solutions to run a basic routing
protocol like OSPF, let alone the IS-IS used by many

The only solution which makes sense is a router-hosted
solution.  Which means that the trial should really
have been limited to Cisco and Juniper's routers.
Anything else is merely show.

The other thing that hasn't been mentioned is timelines.
Both of those routers will need code written: there is
no feature that will do this job with that many URLs.
The trial isn't funding development of that software,
and it's not plain how they'd make the vendors cooperate
in any case.

Those forwarding-plane CPUs are slow and have limited
memory (both a result of heat dissipation issues). Using
a trial from PCs with unlimited power supply and
heat exhaust says nothing about the performance of
a forwarding plane CPU roughly equivalent to a
Pentium III with 256MB of RAM.

When the initial report was released I was strongly
critical of its errors. My absolute pick of that
bunch being that packet size changes depending upon
congestion. I love that error and I'll be using it
as a pass/fail exam question.

What the trial documents show is that the government
hasn't educated itself despite that embarrassment.

