[j-nsp] Modern BGP peering border router and DDoS recommendations with Juniper?

Justin M. Streiner streiner at cluebyfour.org
Fri Jun 10 15:30:21 EDT 2005

On Fri, 10 Jun 2005, Sam Crooks wrote:

> I'm trying to get a handle on the Juniper platform needed to withstand a
> 1) small
> 2) medium
> 3) large-scale (NxGbps rate)
> DDoS attack

Most of the M-series routers stand up very well against even a large attack
because of the hardware-based packet forwarding.  I believe the J-series 
routers do at least some software-based forwarding, but I don't have any 
direct experience with them or their ability to handle attacks without 

> What Juniper router would be comparable to:
> Cisco 7200?

These are my personal opinions - I speak for no one else.

J6300, M7i, M10i

> Cisco 7304?

Same as the 7200.

> Cisco 7600?

I'd say M20/M40e/M320, based on port density.

> And are there any serious issues with the lower end of the Juniper line
> I should no about?
> (for example, something like: "You can't take full routes from your BGP
> peers without at least M7/M10/M20 etc... and X level of memory")

M7i/M10i can handle full BGP routes.  To be safe you probably want to put 
512 or 768 MB of RAM on the routing engine.

> I'm shopping for these as border routers to an end-user AS, with fairly
> low (fractional DS-3) bandwidth requirements for the application...
> additional access port speed would be primarily for assisting with
> mitigating DDoS attacks.

More information about the juniper-nsp mailing list