[nsp] recommendations

Kristofer Sigurdsson ks at rhi.hi.is
Wed May 19 15:25:01 EDT 2004


sthaug at nethelp.no, Wed, May 19, 2004 at 08:39:05PM +0200 :
> > > > I'm looking for a solution for running BGP and 3 FE interfaces running
> > > > up to a total of 200mbs.  What is the smallest that will do this?  3700?
> > > > 6506 sup 1a msfc2? 3750? Or do I have to go up to a 7200, 7500 or 7600?
> > > 
> > > You haven't specified your needs sufficiently.
> > > 
> > > If you don't need a full Internet routing table, a 3550 with EMI will
> > > do the job just fine.
> > 
> > In my opinion, the 3550 is not good enough for this.  It doesn't do netflow
> > exporting (accepts the command, but doesn't do it), it presents all kinds
> > of weird behaviour when pressed to the limit, feature wise, although it is
> > a nice piece of equipment when you need simple 2nd or 3rd layer distribution
> > layer equipment.  It is limited to 24k routes.
> 
> Yup, that's why I asked whether he needed full Internet routes. That
> question has now been answered in the affirmative, so the 3550 is out.
> However, I still think the 3550 is a decent box if you can live with
> the limitations (small routing table, no netflow, etc). Yes, I have
> used the 3550 with BGP quite a few times.

I haven't used BGP on the 3550 in a production environment, so I think I'll
withdraw from this discussion. :)  I've used them a lot for other things, though,
and I think we agree that its lack of features is a substantial drawback...

> 
> > aren't the M7's a little bit too advanced (and expensive) for this?  IIRC,
> > the M5's were in competition with Cisco's 7000 series VXR's.
> 
> We are given 3 FE interfaces for a total of 200 Mbps, and full Internet
> routes. You can certainly get a 7200 or 7500 to do that - but how will
> they handle a DoS attack? 200 Mbps of minimum sized packets is almost
> 300k pps. I wouldn't want to bet on a 7200/NPE-400 for that (even if
> Cisco claims up to 400k pps), but the NPE-G1 should handle it just fine
> if you haven't enabled too many other features. A Juniper M7i, which
> does hardware forwarding, will just idle along.
> 
> (I see somebody suggested the 2691. Well, Cisco claims up to 70k pps
> for the 2691, which in theory would give you 200 Mbps with an average
> packet size of around 350 bytes. So - do you believe Cisco's numbers,
> and is your average packet size more than 350 bytes? I'm afraid I
> don't believe the 2691 is sufficient here.)

It was I who suggested the 2691.  It was based on the original poster's question,
in which he specifically asked for the smallest (cheapest, presumably) router that
could handle the task.  Yes, I realise the 2691XM is the very smallest router that
one would consider for this task...

However, I must admit I forgot to take DoS's into account.  But how common are they
in the environment in which this is to be used and is the original poster willing to
pay two or three times more for the router to be able to handle DoS attacks?

Another thought: if the router is supposed to be an edge router only, does it really
matter that much (enough to justify the extra cost) if it can handle huge DoS attacks or
not, as said DoS attack would still render the outside link unusable due to its load...
so, even if the router would be doing fine, the link would not, hence the same result.

I realise the above paragraph may start a flame war; I'd like to make it clear, this is
just a thought, not a stated opinion or something I suggest should be used for making
policies regarding network equipment purchasing...

Summary: In my opinion, the 2691XM would probably do the trick under normal circumstances, but
you need a 7200 VXR with NPE-G1 if you want to be able to handle (large) DoS attacks.
Now, looking at your needs and your budget, which one is it going to be? :-)

Just my two cents...kronas? :)

-- 
Kristófer Sigurðsson		   | Tel: +354 525 4103 / MSN: ks at rhi.hi.is
Netsérfræðingur/Network specialist | Reiknistofnun HÍ/University of Iceland

