AW: [c-nsp] Experiences with the performance of Foundy Bigiron 8000 VS a Cisco 12000 & redundancy question

Gunther Stammwitz gstammw at gmx.net
Wed Dec 1 05:48:31 EST 2004


 

> -----Original Message-----
> From: Bastiaan Spandaw [mailto:lkml at becobaf.com] 
> Sent: Wednesday, 1 December 2004 03:14
> To: Gunther Stammwitz
> Cc: 'cisco-nsp'
> Subject: Re: [c-nsp] Experiences with the performance of 
> Foundy Bigiron 8000 VS a Cisco 12000 & redundancy question
[...]
> 
> A while ago we were set with the decision to choose for a 
> dual vendor setup or go on with a vendor-c setup. Maybe our 
> choices can help you decide.
I hope so. Thanks a lot for letting me participate :-)

> The GE-GBIC-SC-B LC's aren't that great receiving DDoS traffic.
> They're spec'd at 700k pps, but with ACL's and uRPF the CPU 
> will max out at around 350k pps. Don't even try netflow on 
> these if you want to survive a significant DDoS attack.
>
So far we haven't been using ACLs but uRPF on the inside-interfaces in order
to protect our network (or the internet - depends on your position..) and
didn't have any problems during DoS attacks. Okay... We aren't running
netflow so that might be why - or maybe simply the DoS attack hasn't been
big enough to let our routers sweat.
Well.. Now I know what's most probably going to happen during the next DoS
attack :-(

 
> The 4GE-ISE LC's are just great! (not possible in a GSR8/40 
> though)
I believe that is not correct. According to
http://www.cisco.com/en/US/products/hw/modules/ps2710/products_data_sheet09186a008015cfee.html
One can use that card in a GSR8/40 - 12008.
"Chassis Compatibility:  All Cisco 12000 Series chassis, 7 slots in Cisco
12008 Router—28 ports"
Are we talking about the same card here?

I hope that card will work in our chassis since we'll have to upgrade sooner
or later.
 


> Features like uRPF, netflow, ACL's etc have _no_ 
> impact on forwarding performance. 
> We've had 2GBit/1.8Mpps 
> DDoS attacks with, apart from the victim, no other customers noticing.
Sounds great :-) Where can I get that card again? Hehe No.. For the moment
we have to live with the hardware we have here.


> With 3 full feeds and ~30k routes from an exchange on a
> GRP/256 we ran 88% utilization. At a certain point we had 
> memory fragmentation and a hard crash,
Damn. That shouldn't have happened. Looks like I'll run into problems too.

> Those were the benefits that made us choose a single vendor solution.
> Once we had an IOS bug that affected both routers 
> simultaneously on one site, both died.
> We then decided to run a different IOS version on the backup router.
> Depending on your CCO contracts you could choose a different 
> feature set or possibly just an older version.

You are right, Bastiaan - with different IOS versions or feature sets it
might be possible to avoid such a bug but there's no guarantee for it. Maybe
I should really have a look at the bigiron...

Thanks for your explanations again - it really was a help for me.

Best regards,
Gunther



