[c-nsp] Cisco gear for hosting provider

[Alex Campbell]

Hi everyone,

I'm looking for advice on the best Cisco gear for a smallish hosting
provider environment.  We have one primary transit provider, one backup
transit provider and we also peer at a local IX (from which we take about
2500 prefixes).  All our external connectivity is delivered over cat6
ethernet.  We are not handling massive traffic loads under normal conditions
but have very high SLA requirements, so of course we will buy 2 devices and
run them in failover.  We also want to be able to handle DDoS conditions as
best as possible.

Here are my thoughts so far on the obvious options:

28xx
+ fairly small (1RU)
+ can take 768MB of RAM, so presumably can handle 2x full internet tables
(not sure how happy it would be though)
- software based L3 forwarding
- still quite expensive for what they are, particularly for additional FE/GE
interfaces
- not much room for growth
- will presumably catch fire under major DDoS conditions

3750G EMI
+ great price/performance ratio, 24xGE interfaces builtin
+ no need for separate switches (uplink servers to both devices with
active/passive teaming)
+ very fast hardware L3 forwarding
+ lot of room for growth in traffic
+ great for diffusing DDoS attacks
- limited QoS capabilities
- can't take anywhere near full internet tables (limited to something like
11,000 unicast routes)

7204 VXR / NPE-G1
+ well known, trusted platform
+ still software based L3 forwarding, but fast
+ can easily take full internet tables
- very expensive
- larger footprint than alternatives above

The 2811 and 3750G solutions will probably come out at around the same
price, so I guess a major question here is whether being able to take full
tables on the 2811 (protection from partial upstream failure, ability to
load balance) is more useful than being able to push packets at linerate GE
on the 3750G.

Any advice, guidance or suggestions would be most appreciated.

Regards,

Alex