[c-nsp] pricing vs performance

Jon Lewis jlewis at lewis.org
Wed Dec 1 16:39:26 EST 2004


On Wed, 1 Dec 2004, Jared Mauch wrote:

> > Which one would provide a better "leading edge" with respect to
> > withstanding ddos attacks? (i.e., gives me a chance to do something
> > with the traffic before it crushes customer links, on other routers)
>
> 	the distributed platform (gsr) of course.
>
> 	now, if you want to be able to touch every packet, the npe-g1 is
> better, since it's a centralized processor, so anything they can write code

What about the 6500/7600 platform?  We're in a similar boat.  We're using
a mix of 7206s and 7500s for our core routers, and they generally deal
with "normal" traffic well enough, but if someone points a DDoS at us,
even the 7500s tend to roll over and play dead under sufficiently high
values of kpps.  Having heard good things about them, and since our
transit connections have all moved to FE, we're looking at possibly moving
to 6500s with MSFC2s to handle the transit connections.  Using 7206s with
NPE-G1 has the advantage of keeping us in familiar territory (router IOS)
vs the unfamiliar high-end cisco switch IOS.

----------------------------------------------------------------------
 Jon Lewis                   |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

