[c-nsp] Experiences with the performance of Foundy Bigiron 8000
VS a Cisco 12000 & redundancy question
Bastiaan Spandaw
cisco-nsp at becobaf.com
Tue Nov 30 21:19:18 EST 2004
Gunther Stammwitz wrote:
>We're trying to increase our redundancy and I'm trying to decide whether it
>is better to buy a Foundry Bigiron 8000 in addition to our existing Cisco
>GSR8/40 or if - maybe - a second Cisco would be the better choice.
>
>
I don't have any experience with foundry bigirons, but do
have quite some experience with the GSR and DDoS attacks.
A while ago we were set with the decision to choose for a dual
vendor setup or go on with a vendor-c setup. Maybe our choices
can help you decide.
>At the moment we have a GSR8/40 that is full redundant and utilizes 2 GRPs
>with 256 MB ram and we're using GE-GBIC-SC-B line cards and they match our
>requirements which are to handle about 200 megabits of traffic AND to
>sustain a hard (d)dos-attack which might be up to a gigabit of fragmented
>traffic.
>
>
The GE-GBIC-SC-B LC's aren't that great receiving DDoS traffic.
They're spec'd at 700k pps, but with ACL's and uRPF the CPU
will max out at around 350k pps. Don't even try netflow on these
if you want to survive a significant DDoS attack.
We still have 14 GE-GBIC-SC-B's in production, but only on the
inside of our network, where we have direct control of the traffic.
Our external LC's are 3GE or 4GE-ISE.
The 3GE's are nice, but the CPU goes through the roof when
we get a DDoS and have netflow enabled. I believe they're
spec'd @4mpps without features. We only use 2 out of the 3 ports
that way we can reach wire speed forwarding. (no netflow)
The 4GE-ISE LC's are just great! (not possible in a GSR8/40 though)
Features like uRPF, netflow, ACL's etc have _no_ impact on
forwarding performance. We've had 2GBit/1.8Mpps DDoS
attacks with, apart form the victim, no other customers noticing.
>Regarding the current discussion of the growing bgp tables: I know that we
>will sooner or later run into problems regarding the memory.. but that's not
>the topic right now.
>
>
With 3 full feeds and ~30k routes from an exchange on a
GRP/256 we ran 88% utilization. At a certain point we had
memory fragmentation and a hard crash, we then decided to
upgrade to GRP-B's with 512.
Currently 4 full feeds + exchange results in a 53% utilization.
>I'm asking myself right now whether to buy another Cisco which is good since
>I know how to administer the gear and you can find a external technician
>easily. We could also exchange line cards between both routers. A big CON is
>that it is exactly the same gear we have right now and if there's an ios
>fault most probably both machines will fail.
>
>
Those were the benefits that made us choose a single vendor solution.
Once we had a IOS bug that affected both routers simultaneously on
one site , both died.
We then decided to run a different IOS version on the backup router.
Depending on your CCO contracts you could choose a different
feature set or possibly just an older version.
Regards,
Bastiaan Spandaw
More information about the cisco-nsp
mailing list