nanog mailing list archives

Broadcom J2/Q2 hardware filters


From: Graham Johnston via NANOG <nanog () lists nanog org>
Date: Wed, 15 Apr 2026 10:37:45 -0500

Good day.

We all expect that in picking a hardware platform built around the Broadcom
Jericho 2 or Qumran 2, we are realizing our cost savings with some
sacrifices; my use case involves the Q2C and Q2A variants.  One of those
sacrifices appears to be the concurrent set of filters that are able to be
programmed into the hardware at any given time. To be clear, the ASIC seems
to be able to perform a wide variety of functions, but is much more limited
as to what can be enabled at any given time. The hardware filters that I'm
talking about deal with things like packet filtering, QoS classification,
PBR, etc., and what can be enabled concurrently for those features for L2,
IPv4, IPv6 along with whether that will work on physical interface,
sub-interface, IRB, and even in the ingress vs egress direction. That said,
I've only experienced this ASIC in conjunction with a single network
operating system, and not a mainstream one. For those of you that have more
experience with the respective models of Juniper ACX, Cisco NCS, Nokia
7250, or Arista 7280R, can you describe your practical experience about
what you've been able to achieve and what you ended up prioritizing in your
use cases?

In my environment, the default VRF is underlay only and all services
operate as VPNv4/6 or EVPN using SR-MPLS. We struck the balance to focus on
L3 for packet filtering and QoS classification and rate-limiting, although
we can still use VLAN tags for QoS classification, and use IRB interfaces
for L3 services. This is high-level; I'm sure the enabled filters let us
do a little more than this, but we aren't using those features currently,
like PBR.

Thanks,
Graham