[c-nsp] Looking for router recommendation to handle 10GE

Phil Mayers p.mayers at imperial.ac.uk
Mon Nov 8 05:13:41 EST 2010


On 11/08/2010 09:49 AM, Nick Hilliard wrote:
> On 08/11/2010 00:35, Mack McBride wrote:
>> To be specific, the netflow portion does not do tcp flags properly.
>> There are also flow limits but most people do not run up against these.
>
> In my experience, netflow problems start at a couple of hundred kpps.

It depends on your traffic patterns, your mix of DFCs and CFCs and of 
course which linecards traffic is ingressing on.

We've used these boxes for years, under much higher load than 200kpps, 
and had no problems. Only now, on our very busiest routers, are we 
routinely suffering *occasional* netflow cache overflows. In fact, many 
flows are double-counted, as they come into our network, then again once 
they've passed through our firewalls into a VRF.

I'm honestly quite impressed they've lasted this long. My point is - it 
varies, considerably.

>
> Not really, but it does depend on what you're using your netflow for.  If
> you don't care about losing flows all over the place, then you can ignore
> the warnings which the box will produce.  On the other hand, if you're
> using netflow for measuring traffic (e.g. for billing / measurement
> purposes), then this is the Wrong Choice of hardware.

Certainly if you need 100% accuracy, it's the wrong choice.

>
> On the other hand, enabling urpf for ipv6 will cause your ipv6 traffic to
> be forwarded by the RP.  This is completely useless.

Agreed. Easily my biggest disappointment!

>
> On 10G support in general, the 6704 cards have tiny buffers (i.e. poor QoS
> and risk of packet loss) and use XENPAKs, and won't do line rate 10G on all
> ports.  The 6708 have quite generously proportioned buffers, but they're
> rather expensive and use X2 (again, not a problem if you're committed to
> using X2, but if you aren't...)  Buying XENPAKs these days is basically
> lost investment - no new equipment has used XENPAKs for some years.  And X2
> is a matter of personal taste.  If you are committed to Cisco, then it may
> make sense.  If you aren't, then it really doesn't.

Yeah, agreed. Optics are a mish-mash. 6704 - avoid!

>
> There was a very long and informative thread on sup720 CoPP earlier this
> year ("Sup720 CoPP, limits on CPU performance").   Well worth reading.
>
> And the RP CPU is pretty underpowered by today's standards.  Even the
> RSP720 is quite slow for busier bgp setups.

Kind-of related - slow boot times. 5+ minutes.

> Also, the LAN cards don't do vpls, and... well, you get the idea.  The
> sup720 was a great platform when it was introduced in 2003, but the truth
> is that technology has moved on.  It still has lots of strengths and can be
> a very good platform to buy on the second hand market.  But you need to be
> careful about what you do with it.  It's not a one-box-fits-all product any
> more.  In its place, though, it's a really solid workhorse product.

An excellent summary!

