[f-nsp] SLX 9640 experiences

Jörg Kost jk at ip-clear.de
Mon Jun 3 16:21:50 EDT 2019


One of the currently unfixed, non-root-caused bugs on the SLX that
I have found is about Receive-ACLs. When you alter the receive ACL,
the ACL can randomly spread to other switched interfaces and will
therefore block pass-through traffic for the world until you work
around it (e.g. rebind and pray).

That's a heartbreaking bug and I don't know if this is 9540 exclusive.

Also in contrast to the MLX, the BGP daemon likes to talk TCP to the 
world by default and you may want to apply an ACL for known IPv6 and 
IPv4 peering partners or networks and block all the others. This is also 
true for the netconf/ssh on port 830 and don't forget the classic "ntp 
disable serve" command, too.

On 3 Jun 2019, at 17:31, Robert Hass wrote:

> Can you reveal what bugs you found? We just received Arista and will start
> testing tomorrow. I'm extremely interested in FIB convergence time (full
> DFZ) and quality of Receive-ACLs (Control Plane protection against DDoS).
>
> On Mon, Jun 3, 2019 at 4:00 PM Aaron <aaron at wholesaleinternet.net> wrote:
>
>> We have 2 of these.  They're based off the VDX platform, not the MLX so
>> there are some differences in the command syntax.  Nothing major
>> though.  For us they were not ready for production.  We found 3 bugs
>> right off the bat that have prevented us from using them.  A new
>> software version was released last week.  We'll be testing it today.
>> Hopefully it'll do the trick because from the testing we've done already
>> they are little workhorses.  And really, for the price they can't be beat.
>>
>> Aaron
>>
>> On 6/3/2019 5:50 AM, Robert Hass wrote:
>>> Hi
>>> I'm looking for users of new SLX 9640. We consider that platform as
>>> MLXe replacement in Internet (full DFZ) Edge/Core segments. Any
>>> problems / comments ?
>>>
>>> BTW. Did anyone compare SLX 9640 versus Arista 7280 or NCS 5501-SE?
>>> I'm also happy to hear feedback.
>>>
>>> Rob
>>
>
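
The allowlist idea from the message at the top of this thread (BGP only from known IPv4/IPv6 peers, NETCONF on port 830 only from chosen networks, no NTP serving), written out as an added example that is not part of the original post and is not SLX-OS syntax. It is a vendor-neutral model of the policy; the peer and management addresses are documentation ranges chosen as assumptions, and the flow lines are constructed.

```python
import ipaddress

# Control-plane services named in the post: BGP, NETCONF over SSH, NTP.
SERVICES = {("tcp", 179): "bgp", ("tcp", 830): "netconf", ("udp", 123): "ntp"}

def build_policy(bgp_peers, mgmt_nets):
    """Per-service source allowlist. NTP stays empty (deny all requests),
    the policy-level counterpart of not serving NTP at all."""
    return {
        "bgp": [ipaddress.ip_network(p) for p in bgp_peers],
        "netconf": [ipaddress.ip_network(n) for n in mgmt_nets],
        "ntp": [],
    }

def permitted(policy, proto, src, dport):
    """True only if src may reach this service on the router itself."""
    svc = SERVICES.get((proto, dport))
    if svc is None:
        return False  # anything else addressed to the router: default deny
    addr = ipaddress.ip_address(src)
    return any(addr.version == n.version and addr in n for n in policy[svc])

def audit(policy, flow_lines):
    """Return (service, source) for every flow the allowlist would drop."""
    dropped = []
    for line in flow_lines:
        line = line.split("#")[0].strip()
        if not line:
            continue
        proto, src, dport = line.split()
        if not permitted(policy, proto, src, int(dport)):
            dropped.append((SERVICES.get((proto, int(dport)), "other"), src))
    return dropped

# Assumed peers and management network (documentation address ranges).
POLICY = build_policy(["192.0.2.1", "2001:db8:1::1"], ["198.51.100.0/24"])

# Constructed sample: unsolicited flows addressed to the router's own IPs.
FLOWS = [
    "tcp 192.0.2.1 179         # configured IPv4 peer",
    "tcp 2001:db8:1::1 179     # configured IPv6 peer",
    "tcp 203.0.113.50 179      # unknown host talking to the BGP daemon",
    "tcp 2001:db8:ffff::9 179  # unknown IPv6 host",
    "tcp 198.51.100.10 830     # management network",
    "tcp 203.0.113.50 830      # unknown host on NETCONF",
    "udp 203.0.113.77 123      # NTP request from outside",
]

if __name__ == "__main__":
    for svc, src in audit(POLICY, FLOWS):
        print(f"drop {svc:8} from {src}")
```

Feeding the same peer list into both the BGP neighbor configuration and the receive ACL keeps the two from drifting apart when a peering session is added or removed.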

