[c-nsp] Looking for router recommendation to handle 10GE

Nick Hilliard nick at foobar.org
Mon Nov 8 04:49:38 EST 2010 

On 08/11/2010 00:35, Mack McBride wrote:
> To be specific, the netflow portion does not do tcp flags properly.
> There are also flow limits but most people do not run up against these.

In my experience, netflow problems start at a couple of hundred kpps.

> If you need netflow tcp flags then this is not the platform to choose.
> As arbor appliances somewhat depend on netflow tcp flags, I think Mr. Dobbins
> is somewhat prejudiced.

Not really, but it does depend on what you're using your netflow for.  If
you don't care about losing flows all over the place, then you can ignore
the warnings which the box will produce.  On the other hand, if you're
using netflow for measuring traffic (e.g. for billing / measurement
purposes), then this is the Wrong Choice of hardware.

On the other hand, enabling urpf for ipv6 will cause your ipv6 traffic to
be forwarded by the RP.  This is completely useless.

On 10G support in general, the 6704 cards have tiny buffers (i.e. poor QoS
and risk of packet loss) and use XENPAKs, and won't do line rate 10G on all
ports.  The 6708 have quite generously proportioned buffers, but they're
rather expensive and use X2 (again, not a problem if you're committed to
using X2, but if you aren't...)  Buying XENPAKs these days is basically
lost investment - no new equipment has used XENPAKs for some years.  And X2
is a matter of personal taste.  If you are committed to Cisco, then it may
make sense.  If you aren't, then it really doesn't.

There was a very long and informative thread on sup720 CoPP earlier this
year ("Sup720 CoPP, limits on CPU performance").   Well worth reading.

And the RP CPU is pretty underpowered by today's standards.  Even the
RSP720 is quite slow for busier bgp setups.

Also, the LAN cards don't do vpls, and... well, you get the idea.  The
sup720 was a great platform when it was introduced in 2003, but the truth
is that technology has moved on.  It still has lots of strengths and can be
a very good platform to buy on the second hand market.  But you need to be
careful about what you do with it.  It's not a one-box-fits-all product any
more.  In its place, though, it's a really solid workhorse product.

Nick

More information about the cisco-nsp mailing list