[c-nsp] Real life and worst-case performance of Cisco and Juniper?
Mark Tinka
mtinka at globaltransit.net
Fri Feb 27 11:13:31 EST 2009
On Friday 27 February 2009 11:08:12 pm Rick Ernst wrote:
> - What device would you use for upstream/core
> connectivity that would be able to withstand high pps
> DDoS?
Depends on:
a) how much bandwidth/pps you hope to handle
b) what switch fabric you have
We don't like giving vendors "free" money, so...
If I had to guess, I'd say, from Cisco, start off with an
ASR1002 for the upstream, and take it from there. From
Juniper, look at the M7i here.
For the core, I'd say consider an ASR1004/6 and work your
way up from there. From Juniper, consider an M10i.
> - What device and features would you use to terminate
> hundreds of rate- limited ethernet connections?
Apart from 802.1Q VLAN's, policers, QoS, routing protocols,
e.t.c., the rest of the features depends on what you want to
achieve.
As for the device, again, not sure what your traffic levels
are, but if you're looking at hundreds of Ethernet
connections, a 7609-S from Cisco sounds good (if an ASR1006
trunked to a couple of 3560G's is out of the question). Some
folk may recommend running switches as routers, but we tend
to like real routers doing that...
From Juniper, for hundreds of Ethernet connections, take a
look at their MX480 router (if an M7i/M10i trunked to a
couple of EX3200's is out of the question). Again, some folk
may recommend running the EX3200's as routers, but...
> Both devices would need to be able to handle full tables.
Precisely why the low-end so-called "Layer 3 switches"
shouldn't be run as full routers. Otherwise, the other
options are good to go.
Again, these are just my opinions. You probably want to
study your needs more, talk to your account team, run some
PoC's, e.t.c., and not pay any real attention to what I'm
saying :-).
Mark.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: This is a digitally signed message part.
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20090228/da938cbc/attachment.bin>
More information about the cisco-nsp
mailing list