asciilifeform: the box that entirely displaces the traditional ip routing system, and instead worx on signed packets, at GB/s, ~can~ , i suspect, be made with off-the-shelf iron. but it is a different pill, i cannot argue that it directly replaces juniperism.
asciilifeform: mircea_popescu: arguably. at one time asic was too costly even for the telcos to deploy en masse, and it was possible to do without. sorta like in mining.
asciilifeform: i dun disagree with mircea_popescu one bit, in re 'juniper/cisco Must Die'. but their death cannot be made from shoe string and bubble gum.
asciilifeform: 'and do we have rockets or only slingshots'
asciilifeform: 'are you launching capsule into orbit or not' 'plox to 1st say, where is orbit, how big capsule, tovarisch stalin'
asciilifeform: if problem is defined in such a way that i can honestly say that i have from what to make it, and can be made to work to spec -- will make. otherwise not.
asciilifeform: imho 'sane fpga' is closest thing to 'philosopher's stone' accessible with current tech.
asciilifeform: usg.fpga is expensive because 'intellectual property' derpitude.
asciilifeform: not if they're 5cents and you can matrix'em together.
asciilifeform: it's an egregious problem in cramped fpga.
asciilifeform: not mega-problem if you have large fabric, leaves lotsa room for optimal connection
asciilifeform: and can chain'em into 'cray' at will.
asciilifeform: http://btcbase.org/log/2018-09-04#1847498 << iirc i answered this in the past, but this thread makes it even moar obvious what the pill is : make a hypertrophied ice40 (i.e. homogeneous lattice of gates.) with these, can bake alt-juniper, alt-pc, crypto, pretty much anyffing you like.
asciilifeform: however i suspect that 'alt-juniper' would be small change, if we had fab friends, oughta go straight to general-purpose washington-free comp.
asciilifeform: the miner asic derps, somehow pulled this off
asciilifeform: esp. if you're biznis genius and can talk'em into 'you get % of the winnings' in exch for discounts etc
asciilifeform: mircea_popescu: it is almost certainly possible to razor a zero or even two, from the 'ratecard', if you can make friends in cn (or even tw, or kr)
asciilifeform: well yes, i've wanted 1 for ages. but if you add up the cost of a dozen of these, you could instead get equiv fabbed into single die.
asciilifeform: so we want to make and sell a cray-1 ?
asciilifeform: if you want 'modern' (Gb/s+) throughputs, it aint 'ada lines', but transistors. coupla mil of'em.
asciilifeform: thing needs to eat packets, parse fields, sort'em into tables, parallelize lookups ( and below all of this, do such things as driving the sdram , the nic PHYs , shuttle data b/w processors )
asciilifeform: cuz konsoomer off-the-shelf ic dun do it.
asciilifeform: i must repeat, that i'd be lying if i claimed that i knew how to build a box that throws packets at even 1/5th the rate of the cheapest juniper, out of off-the-shelf components.
asciilifeform: the 'allow allcomers but magically filter badness' juniper thing, imho is dead end.
asciilifeform: but this already was formalized by mircea_popescu as gossipd variant.
asciilifeform: now what i ~have~ wanted to bake, for years nao, is a box with ~2~ jacks, that tests rsa sigs on specially-defined packets at line speed, and drops all the ones that dun pass. this is imho the Right Thing, for entirely curing the disease in question.
asciilifeform: trinque: 'competition' box routes 1G/s from 48 jacks, daisy-chains with 10GB/s snakes, compiles ip filter rules into 1mil+ gate fpga fabric. how do i bake a sucks-less without large fpga ? ( we dun have large fpga, tho we do have working tiny ones )
asciilifeform: trinque: am i thick, and mircea_popescu right ? how do i bake a 'sucks less than juniper' while being stuck with off-the-shelf nic ic ?
asciilifeform: mircea_popescu: for all i know, they have a microshit antivirus also plugged in. should we then also attempt 'better one' of these as well ?
asciilifeform: it's an algorithmic problem ( i.e. fundamental ), rather than implementation.
asciilifeform: possibly i did not clearly explain the problem with iptables then ?
asciilifeform: mircea_popescu: let's expand on this. what specific functionality would you want in such a device ?
asciilifeform: but there is no way around the 'lookup table entries cost time & space' thing
asciilifeform: some of the fancier units have fpga for filtrations
asciilifeform: ( 'industrial' telco gear is pretty much 'bsd box with array of GB nics soldered in' + some shitware )
asciilifeform: mircea_popescu: another important fact to remember : ip rules inevitably slow traffic.
asciilifeform: i do know that many people's pest control setups rely on iptables, and so all new pizarro customers will get it by default. but imho it is a bitter pill.
asciilifeform: fly swatter is not a viable method of serious pest control.
asciilifeform: at one time asciilifeform burned 20-40min erry day manually banning . then got tired of this and went to properly optimize the phuctor db so that it doesn't give a damn re load, up to line speed.
asciilifeform: diana_coman: i used nothing at all. given as bandwidth hogs dun seem to ever have any trouble coming up with ~infinite new ip proxies.
asciilifeform: i ended up going back to it, largely to use the aws-ban script
asciilifeform: http://btcbase.org/log/2018-09-04#1847273 << at the time i built the 1st kernel for these particular iron, i was not using (believe or not) iptables, was quite disappointed with the 'whack-a-mole' approach to bandwidth conservation