[c-nsp] Rec for full-table multi-peer bgp router?

Nick Cutting ncutting at edgetg.com
Wed Dec 7 14:45:26 EST 2016


How does this device compare to the equivalent 9K cisco box?

The 93180YC-EX ?

I imagine under the hood it is very similar silicon.
This maxes out at 896,000k routes

Or is it designed for a totally different purpose - however I see very similar features in both datasheets.

-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Jiri Prochazka
Sent: Wednesday, December 7, 2016 2:28 PM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Rec for full-table multi-peer bgp router?

CoPP on EOS is not the best, to say the least. But this will get better - in a few months. Now, it's almost useless (it's processed in SW, not in HW).

There are a few caveats which need special care, but securing those boxes against DoSes is doable.

Loong iACL on ALL edge ports together with TTL security (introduced in EOS 4.17.1), combined with tweaked values in the default copp-system-policy, (almost) does the trick.

If you are fine with RIB limitations, you need a LOT of line-rate ports and you do not do any super-fancy stuff, I think that the 7280SR is a great box for you. You can push 400Gbit of Internet traffic, having installed a full BGP v4&v6 feed, and everything is absolutely fine.

Deep buffers, full BGP, fast CPU, 100GbE ports, 1U, low power consumption, EOS on the top of this - for me - this box is - for the money it costs - the best network device in the last 10 years.

Bugs... one of the funniest we discovered was 'The Rib agent may restart if it receives a malformed BGP UPDATE message.' (Bug ID: 166815). Not 7280SR specific, it was spread across all platforms.

One malformed BGP update caused total meltdown of our network in one POP. Routing protocol did not restart. It crashed and did not restart. 
One of the best troubleshooting sessions I have ever encountered.

What was even more funny - that malformed packet was generated/created by another bug in EOS.

Still, I do not think that number of bugs is worse than with any other vendor. As I said, we are using Arista switches VERY extensively - which means we see issues more often than normally :).



Jiri



On 12/5/2016 8:51 PM, Jared Mauch wrote:
>
>> On Dec 5, 2016, at 2:46 PM, Raphael Mazelier <raph at futomaki.net> wrote:
>>
>>
>> Very interesting.
>>
>> 7280SR looks perfect for us. (if the price is OK; I will call my local Arista representative).
>>
>> We are another content AS and we push 150gbps approx in peak.
>> We plan to upgrade from our current routers to something with a lower TCO by port (which is our currently limiting factor).
>>
>> We do need full view in RIB as we target only 5/6 ASes for 99% of our traffic, so we are not concerned by the RIB size.
>>
>> So do you recommend them? Or another model from Arista?
>> What kind of bug did you encounter or discover? Is the platform stable enough for using them in production without any action? (we are a really small team, and we have no time to spend on the network side, unfortunately).
>
> Be mindful of how you do your control plane filtering and testing on such a device.  Many people forget about this until you are on the wrong-side of a three digit (in gigabits) attack pointed at a link-ip address.  Some devices handle it well, others poorly.
>
> - Jared
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net 
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>