Christian Huitema wrote on 25/11/2018 20:40:
Nick made that point, probably unintentionally, when he wrote that "transit operators would generally take the view that any data-plane packet which needs to be put through a slow path will be rate limited up to 100% loss". Last I checked, data plane processing is implemented in specialized components that are designed for speed.
I was talking specifically about dfz transit routers, not edge devices or firewalls. There are exceptions to fast-path processing where data-plane packets are punted to management plane CPUs for generalised processing rather than being forwarded by the ASIC / NPU due to hardware inability to process the packets correctly (e.g. gigantic EH chains), or by protocol specification (e.g. hbh). What I said previously referred to control plane rate limiting of these types of data plane packets.
Nick
