[c-nsp] Cisco core router (for smaller sized colocation provider) recommendations please

Kristian Larsson kristian at juniks.net
Wed Jan 25 02:58:01 EST 2006


On Mon, Jan 23, 2006 at 11:11:47PM +0000, josh harrington wrote:
> Hello, hope this isn't too far offtopic here but being a troller for a long
> time here I've realized there is a great knowledge base so I wanted to at
> least see if I could get some tips.  I help run a small colocation company
> in California and I am in the middle of recommending a new 'core router'
> platform for our network.  We offer mainly colo and dedicated servers, and
> several of our clients use our space for VOIP services so quality even under
> high peak usage is a must.  We are not huge, but as we have had near 200%
> growth in the past 12 months and need to expand our network asap to keep up.
> Simply put, I'd love to hear feedback and/or suggestions from any of you
> guys who have gone through this already.
> 
> Our network map is real simple:
> 
> [Carrier 7609] --> 100 mbit --> Our cisco 7206 --> 100 mbit --> racks
> 
> [the racks on our end are a series of switches, mainly 2948gl3's]
> 
> We push about 60 mbit to/from our (1) carrier at peak right now, and the
> router keeps up fine [it's a cisco 7206 npe 150 btw, very low end on the 7206
> line], and at peak we have under 50,000 packets per second, and our 7206
> has little/no features enabled [just static routes and passing all traffic
> between 2 Ethernet 100 mbit interfaces].
> 
> To date we have had 2 problems, both were DOS attacks launched FROM one of
> our customer's servers flooding a full 100 mbit wire with more packets per
> second than the router could handle (the 2948gl3's spiked to about 50% cpu
> load during the attack but the 7200 literally just died for 3 minutes as the
> interface(s) all rebooted).  So our main goal to grow is something that can
> handle a lot more in this arena against a DOS, and handle our future growth.
> 
> In the next 12 months we plan to add a 2nd carrier, at t3, 100mbit, or
> possibly oc3 speed, and possibly upgrade our main carrier to a GigE
> connection.  Probably maxing combined in the 300 mbit range, more likely
> closer to half that in 12 months.
> 
> ==== Problems/Requirements ====
> - Budget is in the $5k to $20k range ($20k if it's going to outlast me even
> past my 12 month projections)
> - must not 'collapse' under simple packet flow DOS attack
> - must handle BGP4 from 2 carriers with full route tables
> - We plan to buy used, prices below are based on USED, 30 day warranty ebay 
> postings
> 
> ===== Choices/Options that we have looked at: ====
> Option #1: Cisco VXR 7206 [$4k to $12k]
> Option #2: Cisco 12008 [$7k to $14k]
> Option #3: Cisco 6509 [$10k to $15k]
> 
> Here are the 3 main options, broken down a bit more in depth. [I have not
> ruled out juniper altogether, but not enough experience with them and
> lots of experience with cisco, makes cisco our better option I think,
> especially since it's easier to find used cisco gear than it is to find used
> juniper gear at a decent price].
> 
> [option #1 - Cisco 7206 VXR]
> --------------------------------
> Estimated: $4,000 [$6,000 with 400 mhz, $12,000 with the 1 ghz cpu upgrade]
> 1 Cisco 7206 VXR NPE 300 mhz w/max ram
> 2 AC Power
> 2 Fast Ethernet Adapters (1 included on the NPE)
> 
> + lots of experience on this unit
> + lots of spare cards (most compatible)
> + can keep old 7200 as a hot standby, minimizing long term downtime
> - END OF LIFE/sale/support on most of the 7200 product line over 5 years 
> ago! The VXR model is darn close to end of life I suspect
> - minimal horse power here for the money, prone to death by packet attack
Others have already commented on this. Forwarding
is done in cpu thus not a very good platform for
handling DOS attacks.
> 
> [option #2 - Cisco GSR (12008)]
> --------------------------------
> Estimated: $7,000 to $14,000 [varies if I start with GigE or just 100mbit]
> 1 Cisco12008 GSR 40Gbps
> 1 Clock Scheduler Card (GSR8)
> 3 Switch Fabric Card (GSR8)
> 2 AC Power
> 1 4 port OC-3c/STM-1 Single Mode
> 1 GE card or a 4 port x 100 mbit
> 
> + much higher total bandwidth/packet processing power compared to 7200, for
> similar money
> - product is long since obsolete and outclassed by the 760x cisco router, as
> well as just about any juniper router in the m20+ tier.
> - I'd bet if I buy this, cisco will classify it end of life within 3 months 
> :)
> - over priced 'blade cards' to add any other functions/circuits (high costs)
Somewhat repeating what you just said, this is a
legacy platform imho. And someone said a GRP would
do just fine but I would never buy a router today
that only can handle 256MB RAM.
> 
> [option #3 - Cisco 6509 switch'router' w/MSFC2]
> ------------------------------------------------------------
> Estimated: $10,000 - $15,000 (and up depending on config)
> 1 WS-C6509 Cisco Catalyst 6500 9-Slot Chassis
> 1 WS-C6K-9SLOT-FAN Catalyst 6000 Fan Tray for 9-Slot Systems
> 1 WS-C6X09-RACK Catalyst 6x09 Rack Mount Kit
> 2 WS-CAC-1300W 1300W AC Power Supply
> 1 CAB-7513AC AC Power Cord
> 1 WS-X6K-S1A-MSFC2 Catalyst 6500 Supervisor Engine-2, 2GE, plus MSFC-2 / PFC
> (WS-X6K-S1A-2GE + MSFC-2 & PFC)
> 1 MEM-C6K-FLC24M  24MB Flash Card
> 1 WS-X6408A-GBIC Catalyst 6500 8-Port Gigabit Ethernet Module (Req. GBICs)
> 1 WS-X6348-RJ-45 Catalyst 6500 48-Port 10/100 RJ-45 Module
> 
> 
> + could consolidate router/switch into 1 [i.e. replace my 48 port switches 
> in each rack]
> + still a major product with sales/support, no end of life 'soon', this is 
> still a primary flag ship product
> - 'not a router' as some would say [though this one is as good as it gets
> for a switch with router ability built in, so I read at least]
> - bgp4 support appears limited in previous versions, but the MSFC2 processor
> supposedly can handle (2) bgp4 sessions properly [makes me nervous]
> - no support for anything but 100mbit, or gigE links, won't work with t3, or
> oc3 lines [since I don't know what I'll buy from my next carrier this is a
> drawback since I may very well get a circuit this switch/router can't use]
> - 'all eggs in 1 basket' theory, if it breaks you lose all your ether
> switches! [at least with separate routers/switches I can swap in an old 7206
> router spare and get back online fast in a worst case scenario.]
This is a really good platform, perhaps even a bit
overkill.

I would like to suggest a fourth alternative:
[option #4 - Cisco 7304 with NSE-100]
A nice little box and with the NSE-100 doing most
things in hardware it's actually rather fast too.
It places itself somewhere between the 6509 and
the 7206. I think you should have a look at it.

Just my .02$

Regards,
   Kristian.

