I didn't realize the vendors had pushed so much into ASIC these days. Just did a lot of reading and it's really impressive the amount of work that has gone into squeaking out every tiny bit of performance possible. I still don't see why you would need much horsepower in a CPU, or why a product like this doesn't exist already. Wire speed routing of billions of packets per second would take insane horsepower if done through strictly the CPU.
My question is still, why though? Why force 100% of all traffic through the CPU? Looking at this from an engineering standpoint, I don't see why the ASIC can't stay nearly identical to what it is and only push selective packets that need CPU interaction to the CPU; all other packets just pass through the ASIC as they would in a standard switch. The ASIC would need a hardware path designed to funnel this traffic to a CPU, and it would be limited to the link speed from ASIC to CPU, but it could still be very fast. There's no reason a 100GbE port couldn't go to the CPU, a direct PCIe bus, or use something akin to Intel's QPI links. A multi-core ARM CPU with some extra ASICs or FPGA built into the die could do some amazing stuff here.
I just don't understand why no companies have really done this yet. I'm no chip engineer, and I'm glossing over a good chunk of research and work that would be required, but it's entirely doable. Imagine having 48 GbE PoE ports, and 4-8 100GbE ports on a single 1U device that did all of your routing and firewalling that could be stacked with multiple switches if more ports were needed. This would be a huge top of rack solution, and would solve a real need, especially in medium size organizations and satellite offices. I can see workloads where this wouldn't be feasible; if, for example, you expected the vast majority of your traffic to hit the CPU instead of the ASIC, you would need real big iron firewalls, but it seems like that should be the niche, not the mainstream.
Granted, pfSense is probably a bad example because of its specific architecture, but I was going more for the concept as an example, not a specific "why doesn't pfSense run on my switch", more of a "why doesn't this product category exist?"