[c-nsp] Best practice - Core vs Access Router

Saku Ytti saku at ytti.fi
Tue Feb 9 10:50:21 EST 2010


On (2010-02-09 09:33 -0500), Drew Weaver wrote:

> 6500s are just an awful platform and have caveats out the wazoo.

Yes, it is complex to operate successfully outside LAN environments; that
complexity may well increase OPEX past any CAPEX benefit it had.
 
> Yes, the 3BXL will do full internet tables, but not as well as any router Cisco offers (GSR...)

I haven't experienced any relevant difference taking a full table on GSR and
on 7600. Of course, when you have SUP720, RSP720, GRP-A, GRP-B, PRP-1,
PRP-2, you'd need to be more specific about what you mean.
The BGP code is obviously mostly the same.

> Yes, the 6724 Line card can do 24 1Gbps connections, but not if you have bursty traffic (buffer overflows)

To nitpick, it has a single 20G fabric connection, so actually 20x1Gbps, not 24.

> Yes, the Supervisor will respond to traceroutes, but in software... (rate limit TTL)

All devices do traceroute in software; GSR has a distributed LC CPU, but it is
still software. JNPR not long ago had a chassis-wide limit on traceroute of
50pps per interface and 500pps per PFE, which wasn't even configurable, unlike
in 7600.
In GSR still today there is nothing you can do to protect the control-plane
from, say, a TTL exceeded attack: rACL and CoPP are done in the LC CPU, while in
7600 they are done in hardware. It is trivial to bring GSR/IOS to its knees
when DoSed by someone who understands the platform; I know no way to DoS a
7600 when not connected to it in L2 and it has been properly configured.

> If you ping the 6500 while BGP scanner is running you will see 600ms responses...

BGP has been event driven since 2006 with the release of SRA.

> Most of these things (except for the 6724 line card suckage) are 'fixed' in hardware only platforms (GSR... etc)

GSR is not hardware only; as said, the control-plane can't be protected in
hardware in IOS at all, and E0 and E1 are pure software linecards.

> I probably sound bitter, but if one goes straight from what Cisco's documentation says they would think the 6500 is a great platform, but there should be a * next to everything in that entire white paper.

I'd say if you don't have time to invest in understanding the platform
in-depth then neither 7600 nor GSR will be easy or cheap to operate; JNPR in
my experience requires far less from the pilot and is mostly competitively
priced unless you're looking at purely LAN cards.

-- 
  ++ytti