[j-nsp] ASR1002 Comparitive

Florian Weimer fweimer at bfk.de
Wed Nov 18 02:58:52 EST 2009


* Roland Dobbins:

> The issue with this software-based router won't be NetFlow; it'll be
> throughput, as you indicated, along with resiliency to attack.

Not really, forwarding 200 to 300 Mbps of attack traffic (or more) is
not a problem anymore.

> The day of public-facing software-based routers is really over, from
> an availability perspective.

That's like saying that the day of links with less than 10 Gbps of
capacity are over, from an availability perspective.

And if your router fails to forward an outbound DoS attack, that's
actually a good thing, isn't it?  In most scenarios, it's also fairly
easy to restrict its impact to a single customer.  Curiously, that's a
point where flow-based fowarding is superior to stateless forwarding.

-- 
Florian Weimer                <fweimer at bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99


More information about the juniper-nsp mailing list