[c-nsp] Looking for router recommendation to handle 10GE

Mack McBride mack.mcbride at viawest.com
Mon Nov 8 12:04:03 EST 2010


-----Original Message-----
From: Nick Hilliard [mailto:nick at foobar.org] 
Sent: Monday, November 08, 2010 2:50 AM
To: Mack McBride
Cc: Dobbins, Roland; cisco-nsp
Subject: Re: [c-nsp] Looking for router recommendation to handle 10GE

On 08/11/2010 00:35, Mack McBride wrote:
> To be specific, the netflow portion does not do tcp flags properly.
> There are also flow limits but most people do not run up against these.

In my experience, netflow problems start at a couple of hundred kpps.

> If you need netflow tcp flags then this is not the platform to choose.
> As arbor appliances somewhat depend on netflow tcp flags, I think Mr. Dobbins
> is somewhat prejudiced.

Not really, but it does depend on what you're using your netflow for.  If
you don't care about losing flows all over the place, then you can ignore
the warnings which the box will produce.  On the other hand, if you're
using netflow for measuring traffic (e.g. for billing / measurement
purposes), then this is the Wrong Choice of hardware.

On the other hand, enabling urpf for ipv6 will cause your ipv6 traffic to
be forwarded by the RP.  This is completely useless.

On 10G support in general, the 6704 cards have tiny buffers (i.e. poor QoS
and risk of packet loss) and use XENPAKs, and won't do line rate 10G on all
ports.  The 6708 have quite generously proportioned buffers, but they're
rather expensive and use X2 (again, not a problem if you're committed to
using X2, but if you aren't...)  Buying XENPAKs these days is basically
lost investment - no new equipment has used XENPAKs for some years.  And X2
is a matter of personal taste.  If you are committed to Cisco, then it may
make sense.  If you aren't, then it really doesn't.

There was a very long and informative thread on sup720 CoPP earlier this
year ("Sup720 CoPP, limits on CPU performance").   Well worth reading.

And the RP CPU is pretty underpowered by today's standards.  Even the
RSP720 is quite slow for busier bgp setups.

Also, the LAN cards don't do vpls, and... well, you get the idea.  The
sup720 was a great platform when it was introduced in 2003, but the truth
is that technology has moved on.  It still has lots of strengths and can be
a very good platform to buy on the second hand market.  But you need to be
careful about what you do with it.  It's not a one-box-fits-all product any
more.  In its place, though, it's a really solid workhorse product.

Nick

-------- reply -------

The netflow is very dependent on traffic mix but any hardware platform will 
run into issues once the netflow tcam is exhausted.  Platforms that do netflow
in software will have a different set of challenges.

My point was that the poster I was replying to had a certain prejudice.

The lack of hardware IPv6 uRPF is an issue.  I doubt this can be fixed in software.
I will ask Cisco on the next call with them.

I agree with the recommendation against the 6704.  The 6708 is a much better
blade except for the odd port groupings.

Properly configuring CoPP is a black art.  I have done two major CoPP rollouts
and there are a lot of caveats on the configuration side.

I definitely would not recommend the Sup720 as a route reflector.  The RSP720
will handle a decent number of BGP sessions but software platforms make better
route reflectors.

The 6500/7600 is still a viable platform, although fairly dated, but is probably
better for a customer edge vlan-based box or mpls core than an internet edge or
mpls pe box.

Good coverage of the issues.

Mack


