[c-nsp] 6500 w/sup32 as BGP edge router?

Rodney Dunn rodunn at cisco.com
Wed Feb 2 10:17:15 EST 2005


If it were me I'd not go with a software forwarding
platform if I was concerned about large volumes
od DDOS traffic that needed to be evaluated
and dropped.  I'd look at something with some
hardware dropping capability.

7304/NSE100, 76xx(sup720), or GSR.

The sup720 combination has a lot more functionality
in regards to hardware rate limiters to help
you protect the RP for various traffic types and
ACL's.

If you connection links are small and the software
forwarding CPU is fast enough you can do things
like CoPP to protect the CPU but even with that
if you get high enough rates you can overrun the
CPU.  It all depends on the deployment.

Rodney
 
On Wed, Feb 02, 2005 at 02:33:14PM +0100, Tantsura, Jeff wrote:
> 
> Rutger,
> 
> According to Cisco sup32 will at least in the begin come with CATOS
> only, so no BGP/fancy things.
> I'd go for 7200 GE option.
> 
> Jeff
> 
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Rutger Bevaart
> Sent: Wednesday, February 02, 2005 1:23 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] 6500 w/sup32 as BGP edge router?
> 
> 
> hello list,
> 
> i'm currently evaluating possibilities for an edge router with the
> following requirements,
> 
> - able to handle at least three full BGP4 feeds (~160K routes);
> - future proof to implement IPv6 in the coming two years, including full
> feeds;
> - relative low bandwidth requirements (10 - 40Mbps);
> - two Gbit ethernet ports to local colo and server LAN(s);
> - most connections will be ethernet, possibly one or two STM1 / OC3;
> - resistent against DDoS attacks - able to handle a few hundred Mbits of
> DDoS traffic until we can resolve it with upstream peers;
> - low cost;
> 
> the options i've covered so far include,
> 
> - 7204VXR / 7206VXR using NPE400 or NPE-GE;
> - 7301 or 7304-NSR;
> - 6503 with Sup32;
> 
> right now i have the feeling that the 6500 route would cost-wise be a
> very
> smart choice. the sup32 offers 15Mpps (cisco spec) that should cover the
> DDos part. the embedded 8 gbit ethernet ports come in handy for the
> upstreams and downstream connections. adding a flexwan slot will bring
> in
> the STM1 connectivity.
> 
> on the other hand, it is no a pure routing platform such as a 7304 with
> NSE (that does 3.5Mpps according to cisco).
> 
> this has probably been discussed to death (pardon my ignorance) but how
> would the 6503 scenario stand against the general routing platforms such
> as the 7304?
> 
> regards
> Rutger Bevaart
> 
> URL:
> http://www.cisco.com/en/US/products/hw/modules/ps2797/products_data_shee
> t0900aecd801c5cab.html
> 
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
> This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient,  you are not authorized to read, print, retain, copy, disseminate,  distribute, or use this message or any part thereof. If you receive this  message in error, please notify the sender immediately and delete all  copies of this message.
> 
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/


More information about the cisco-nsp mailing list