[c-nsp] Router recommendation

Matthew Crocker matthew at corp.crocker.com
Fri May 31 22:35:46 EDT 2013


I'm looking for some advise on a C or J router.

Requirements:

200 mbps of throughput (small packets)
4 GigE interfaces (copper or SFP)
ip verify unicast reverse-path support in hardware.
BGP4 with a decent CPU to handle full tables.

My plan is to peer BGP with my border routers and pull in full tables.   I'll filter the announcements for as-paths from carriers I want to accept.   default route to null interface.   So, if an AS is in the list of acceptable ASes the routes are accepted and installed in the FIB.  Packets from 'bad guys' are dropped on input because the route isn't in the table (reverse path fails)

Basically, I'm trying to build a geographic based packet filter that can withstand some DoS abuse. 

This is to protect some customer facing services, customers are only on certain ISPs so it doesn't make sense to open it up to the world.

Thanks

-Matt




More information about the cisco-nsp mailing list