[c-nsp] 6500 w/sup32 as BGP edge router?

Tim Stevenson tstevens at cisco.com
Wed Feb 2 11:35:16 EST 2005 

At 07:17 AM 2/2/2005, Rodney Dunn commented:
>If it were me I'd not go with a software forwarding
>platform if I was concerned about large volumes
>od DDOS traffic that needed to be evaluated
>and dropped.

Sup32 is not a software forwarding platform.


>  I'd look at something with some
>hardware dropping capability.
>
>7304/NSE100, 76xx(sup720), or GSR.

Given the correct software, Sup32 will have all the same CPU rate limiters 
as sup720, these are a function of the PFC3B, which sup32 comes with by 
default.

That said, the software roadmap is such that we won't have L3 capability on 
this sup at FCS, so hybrid & later native support will be required to get 
the L3 functionality & the L3 CPU rate limiters (L2 RLs supported at FCS).

>The sup720 combination has a lot more functionality
>in regards to hardware rate limiters to help
>you protect the RP for various traffic types and
>ACL's.

The MSFC3 CPU is slightly higher horsepower than MSFC2A of sup32 & has more 
DRAM by default; and of course, the fabric capacity and thus potential 
performance is MUCH higher for sup720 vs sup32. For relatively low-speed 
WAN links and BGP peering, sup32 should be adequate.


>If you connection links are small and the software
>forwarding CPU is fast enough you can do things
>like CoPP to protect the CPU but even with that
>if you get high enough rates you can overrun the
>CPU.  It all depends on the deployment.

Again, this is a h/w forwarding sup, it uses FIB/ADJ model just like 
sup720. CoPP will be supported in sup32 when native s/w is available. In 
terms of BGP peering, when L3 s/w is available, this will be possible & 
supported, the RP is MSFC2a, which is virtually identical to MSFC2 on sup2.

In any case, if you need to do peering today, sup720 is the best option.

Tim


>Rodney
>
>On Wed, Feb 02, 2005 at 02:33:14PM +0100, Tantsura, Jeff wrote:
> >
> > Rutger,
> >
> > According to Cisco sup32 will at least in the begin come with CATOS
> > only, so no BGP/fancy things.
> > I'd go for 7200 GE option.
> >
> > Jeff
> >
> > -----Original Message-----
> > From: cisco-nsp-bounces at puck.nether.net
> > [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Rutger Bevaart
> > Sent: Wednesday, February 02, 2005 1:23 PM
> > To: cisco-nsp at puck.nether.net
> > Subject: [c-nsp] 6500 w/sup32 as BGP edge router?
> >
> >
> > hello list,
> >
> > i'm currently evaluating possibilities for an edge router with the
> > following requirements,
> >
> > - able to handle at least three full BGP4 feeds (~160K routes);
> > - future proof to implement IPv6 in the coming two years, including full
> > feeds;
> > - relative low bandwidth requirements (10 - 40Mbps);
> > - two Gbit ethernet ports to local colo and server LAN(s);
> > - most connections will be ethernet, possibly one or two STM1 / OC3;
> > - resistent against DDoS attacks - able to handle a few hundred Mbits of
> > DDoS traffic until we can resolve it with upstream peers;
> > - low cost;
> >
> > the options i've covered so far include,
> >
> > - 7204VXR / 7206VXR using NPE400 or NPE-GE;
> > - 7301 or 7304-NSR;
> > - 6503 with Sup32;
> >
> > right now i have the feeling that the 6500 route would cost-wise be a
> > very
> > smart choice. the sup32 offers 15Mpps (cisco spec) that should cover the
> > DDos part. the embedded 8 gbit ethernet ports come in handy for the
> > upstreams and downstream connections. adding a flexwan slot will bring
> > in
> > the STM1 connectivity.
> >
> > on the other hand, it is no a pure routing platform such as a 7304 with
> > NSE (that does 3.5Mpps according to cisco).
> >
> > this has probably been discussed to death (pardon my ignorance) but how
> > would the 6503 scenario stand against the general routing platforms such
> > as the 7304?
> >
> > regards
> > Rutger Bevaart
> >
> > URL:
> > http://www.cisco.com/en/US/products/hw/modules/ps2797/products_data_shee
> > t0900aecd801c5cab.html
> >
> >
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> > This message contains information that may be privileged or 
> confidential and is the property of the Capgemini Group. It is intended 
> only for the person to whom it is addressed. If you are not the intended 
> recipient,  you are not authorized to read, print, retain, copy, 
> disseminate,  distribute, or use this message or any part thereof. If you 
> receive this  message in error, please notify the sender immediately and 
> delete all  copies of this message.
> >
> >
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>_______________________________________________
>cisco-nsp mailing list  cisco-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/



Tim Stevenson, tstevens at cisco.com
Routing & Switching CCIE #5561
Technical Marketing Engineer, Catalyst 6500
Cisco Systems, http://www.cisco.com
IP Phone: 408-526-6759
********************************************************
The contents of this message may be *Cisco Confidential*
and are intended for the specified recipients only.

More information about the cisco-nsp mailing list