[j-nsp] Suggestions for Edge/Peering Router..

Mark Tinka mark.tinka at seacom.mu
Mon Sep 23 03:15:48 EDT 2019



On 19/Sep/19 00:52, Jason Lixfeld wrote:

> FWIW, you may want to check out Arista’s 7280R.  We’ve just deployed a pair of these for EVPN-MPLS and they’re slick, and from what I understand, they have the FIB scale to be able to act as a border router.  It’s a very IOS-like CLI (but so many things about the CLI are so much more refined than IOS) so it may be more familiar, unless you’re Cisco experience is limited to IOS-XR.  It’s about USD$50K list for 48 x SFP+ /  6 x 40/100G, including licensing.
>
> It’s a BCM Jericho based pizza box, so that’s redundant powered, but not “redundant” in so far as there are no redundant supervisor/management cards.  But, for the number of times I’ve had that kind of failure on any of my boxes that have had redundant cards, I don’t think it’s worth the cost or the rack space, especially if it’s just a border router where you’ve probably got a bunch of other border router that can accommodate a crash or a reboot or whatever.

We recently migrated our Juniper Ethernet switches over to Arista (Layer
2-only aggregation).

We hit an issue where policing did not work, despite being activated. We
then realized we had to explicitly enable "l2 qos" for our TCAM profile.
This is traffic-affecting. You then verify by bumping the hardware ACL
counters.

Now, where this gets hairy, is when you update the TCAM profile to
enable policing, all TCAM resources are then exhausted because the
default slicing of the TCAM in EOS shares it across various protocols
and features, including ACL's, MPLS, IPv6, non-IP, PBR, pcap, e.t.c. So
in order to support policing, you have to give up some of these features

Luckily for us, this is a pure Layer 2-only device, so we don't need a
bunch of these things; just ACL's to protect terminal sessions. We are
now going to test this again and hope nothing else breaks.

Definitely not something we were expecting, and a bit of a surprise for
the Arista TAC too.

Takes me back several steps with merchant silicon... ah well.

Mark.



More information about the juniper-nsp mailing list