Hey all
A friend just told me that Cybernet told him there is a Switzerlandwide Internet Problem.
Does anybody know something?
Cheers
Michele
--------
Online Consulting AG, Michele Capobianco, System Administrator, Weststrasse 38, CH-9500 Wil
Phone +41 (0)71 913 31 31, Fax +41 (0)71 913 31 32
http://www.online.ch, michele.capobianco(a)online.ch<mailto:michele.capobianco@online.ch>
--------
Hi,
I am looking for a job as a Networks & Systems engineer or as Networks
engineer.
I have done several work placements in Switzerland, Germany, France and
in the UK.
Please find my english C.V. on http://www.luc.rebert.name .
I am available for an interview in order to speak about my skills and
experience.
Yours faithfully,
Luc Rebert
http://www.luc.rebert.name
Hallo Andreas
Besten Dank für die Infos. Wir sind gerade selber mit EBM wegen einer Lösung am schauen. Mal schauen
was dabei rauskommt.
Grüsse
Parick
******************************************************************************
X-NetConsulting GmbH Internet http://www.x-netconsulting.ch
Grosspeterstrasse 21 E-Mail p.studer(a)x-netconsulting.ch
CH-4052 Basel Telefon +41 61 315 85 55
Schweiz Fax +41 61 315 85 59
******************************************************************************
Von: Andreas Fink [mailto:afink@list.fink.org]
Gesendet: Mittwoch, 23. September 2009 15:04
An: Patrick Studer
Betreff: Re: [swinog] Full BGP Routing Router Requirements
off the list.
On 23.09.2009, at 13:41, Patrick Studer wrote:
Hallo Andreas
Wenn ich Dich richtig verstehe, dann plant Ihr ein Darkfiber zwischen EBM und ColoBâle. Von dort
würde es dann weiter zur IWB gehen, richtig?
Nicht wirklich. Wir haben heut EBM-IWB in Betrieb da unsere Internet Verbindung noch im IWB dran ist.
Wie wären den die Preise für eine 100 Mbit/s Verbindung von EBM zum SwissIX IWB?
EBM zu SwissIX können wir günstig abgeben weil wir selber schon 1Gbps EBM->SwissIX haben.
Ich muss mal die Preise raussuchen was uns EBM verrechnet für die Verbindung und dann umrechnen.
Andreas Fink
Fink Consulting GmbH
Global Networks Schweiz AG
BebbiCell AG
IceCell ehf
---------------------------------------------------------------
Tel: +41-61-6666330 Fax: +41-61-6666331 Mobile: +41-79-2457333
Address: Clarastrasse 3, 4058 Basel, Switzerland
E-Mail: andreas(a)fink.org
www.finkconsulting.comwww.global-networks.chwww.bebbicell.ch
---------------------------------------------------------------
ICQ: 8239353 MSN: msn1(a)gni.ch AIM: smsrelay Skype: andreasfink
Yahoo: finkconsulting SMS: +41792457333
http://a-fink.blogspot.com/
hi all,
I'm looking for an existing software tool for DSL access lines analysis.
For hundreds or thousands of DSLAMs, it would periodically collect the copper line
performance data and store it in a database. Then it would generate various reports
for marketing, management and engineering teams.
If you know such a product, please contact me off-list.
thanks,
stan
Hi all,
Thank you for your kind advice and replies.
To take in order things, I don't need to filter my spam any further. The
front Exim server with some good RBLs and SA behing is very accurate for me
and yes, costs time to maintain but works fine (by the way thanks to
ImproWare if you follow the list for their great addons you freely offer).
As for other, I was thinking about ASA, SSG and Fortigate appliance, however
as mentioned all have their pros and cons and I just dislike the license
model of these vendors (I have no clue about Juniper license model, but I
can guess it is no different, but Cisco and Fortinet makes the appliance for
a fair price and when you add features you pay your appliance thrice it's
price. Both are a bit pricey, but I keep them as option.
For other advices, I already run some security measures. I run PHP thru
suPHP, have PHP compiled with some patches and have a very restrictive
php.ini file filed to forbid a maximum of actions. Fortunately, we do not
run ugly code (I am thinking of Joomla stuffs), have noexec partitions,
right file permissions and limited people to upload stuffs. I have as well
some mods to Apache (mod_cband, mod_security2, mod_evasive) and signature
and tokens of Apache/PHP all set to off. I have also done some basic tuning
of sysctl to make sure it is suitable to my needs.
The boxes are pretty clean. and we have even take the luxurious measure to
run an anti-virus scan once a week (using AVG). I've received an offline
email for appliances based on BSD and running some x86 hardware and that is
actually the way I was thinking to go. Tim was speaking about pfSense and I
was pretty much looking in that direction, only it is not easy to benchmark
these systems vs asa vs ssg vs fortigate. I was also thinking of a
stripped-down BSD/Linux box and using fwbuilder which runs on Linux, Windows
and Mac, so about all most spread OSes.
Point is that I am very undecided what direction to adapt. I would feel
'safer' using an appliance built on purpose for that, but when you think
ahead that, they probably rely in some ways on BSD/Linux and some ASIC
hardware, so at the end they are not that better (maybe when you push a lot
of traffic to them, but the vendors figures are likely just sales figures,
they mention throughput, but not the packet size and type used for the
benchmark, also no vendor mentioned in their nice PDF files the PPS they are
able to handle).
Feeling lost I am probably going to benchmark them myself, probably and ASA
vs an Intel BSD. Just wondering how you guys did your benchmark? Anybody got
a tiny benchmark hints? I guess you most went with nmap, iperf and hping
tools. However, I am still interested to get your trial and evaluation
methods if you can advice or your thoughts on BSD vs Cisco.
Thanks again all for your spontanous help and tips, very much appreciate.
Cheers.
Simon
2009/9/16 Tim Jansen <Tim.Jansen(a)macd.com>
>
> Hi Simon,
> maybe you are interested in a very good open source firewall system if so
> you should
> hold an eye to pfsense.
>
> It has a lot of features and the management is quite easy if you know what
> you want.
> It includes snort and many other features and the documentation is also
> very well
> with many howtos - for example for the clustering or any other examples how
> to
> set up pfsense.
>
> Maybe this is an alternative against the expensive Cisco and Juniper
> models. You only
> need a box with enough CPU power and network cards.
>
> MFG, Tim
>
> Simon Leins wrote:
> > Dear fellows,
> >
> > I currently look after a security solution for my company. I know that I
> > will not get many answers from the list, as security is pretty much the
> > secret recipie of all network operators.
> >
> > However, I better try to send a post here and see what feedbacks I can
> > get, so let’s get started.
> >
> > I run a farm of 15 servers, all running RedHat Linux 5 x64. These
> > servers are mainly webhosting orientated, they handle website files,
> > database and emails. The network is multihomed and with a capacity of 3
> > x 100 Mbit. We currently don’t have any kind of security, nor a firewall
> > appliance (yes, I know shame on me).
> >
> > At this point, I am looking at a cost-effective solution. I have checked
> > around for commercial solutions and have found Cisco and Juniper to be
> > my options.
> >
> > I must admit that I am not convinced at all by these brands and would
> > fell pretty ashamed to have a Cisco ASA toy in my rack. As for Juniper,
> > it seems that the boxes are a bit overpriced for my single-featured IT
> > department and would kill my yearly poor budget.
> >
> > I use to see some dirty forged packets hiting the servers. They never
> > took a server down, nor made them fill up the memory, but I consider I
> > could see some „dos“ or even non-bot size „ddos“ attacks. Another point
> > is that I must have a firewall that is transparent. Some servers
> > requires to have public IP (for dumb license reasons).
> >
> > What would you advice? Is BSD/Linux with a multi-gig port a good option
> > to consider? What firewall do you advice? How do you clean ddos?
> >
> > Looking forward to reading all answers.
> >
> > Regards.
> >
> > - Simon
> >
> >
> > ------------------------------------------------------------------------
> >
> >
> > _______________________________________________
> > swinog mailing list
> > swinog(a)lists.swinog.ch
> > http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
>
> --
> Tim-Oliver Jansen
> http://www.macd.com Tel.: +49 (0)241 44597-16
> Macdonald Associates GmbH Geschäftsführer: George Macdonald
> Oppenhoffallee 103, D-52066 Aachen Amtsgericht Aachen, HRB 8151, Ust.-Id
> DE813021663
>
Hallo Andreas
Wenn ich Dich richtig verstehe, dann plant Ihr ein Darkfiber zwischen EBM und ColoBâle. Von dort
würde es dann weiter zur IWB gehen, richtig?
Wie wären den die Preise für eine 100 Mbit/s Verbindung von EBM zum SwissIX IWB?
Grüsse
Patrick
******************************************************************************
X-NetConsulting GmbH Internet http://www.x-netconsulting.ch
Grosspeterstrasse 21 E-Mail p.studer(a)x-netconsulting.ch
CH-4052 Basel Telefon +41 61 315 85 55
Schweiz Fax +41 61 315 85 59
******************************************************************************
Von: Andreas Fink [mailto:afink@list.fink.org]
Gesendet: Montag, 21. September 2009 13:37
An: Patrick Studer
Betreff: Re: [swinog] Full BGP Routing Router Requirements
Hallo Patrick,
Wir könnten eventuell Transit zu SwissIX von EBM bieten da wir ne Darkfiber zu ColoBâle planen. Unsere derzeitige SwissIX Anbindung geht allerdings noch via IWB.
On 21.09.2009, at 10:54, Patrick Studer wrote:
Hallo Daniel
Naja, zur Zeit stehen EBM, IWB und ColoBâle zur Auswahl. Wobei es bei EBM
noch ein Link zur IWB benötigt, um sich an SwissIX anzuhängen.
Habt Ihr schon Preise für den Link nach Zürich? Von wo aus wäre der Link
von IWB oder von Colobâle?
Grüsse
Patrick
******************************************************************************
X-NetConsulting GmbH Internet http://www.x-netconsulting.ch
Grosspeterstrasse 21 E-Mail p.studer(a)x-netconsulting.ch
CH-4052 Basel Telefon +41 61 315 85 55
Schweiz Fax +41 61 315 85 59
******************************************************************************
-----Ursprüngliche Nachricht-----
Von: Daniel Aubry [mailto:obri@chaostreff.ch]
Gesendet: Samstag, 19. September 2009 15:07
An: Patrick Studer
Betreff: Re: [swinog] Full BGP Routing Router Requirements
On Fri, 18 Sep 2009 09:47:00 +0200
Patrick Studer <p.studer(a)x-netconsulting.ch> wrote:
Hallo Patrick,
Habe mir aufgrund Deines Hinweises mal die Website und die Preise
angesehen. Wenn ich das zusammenrechne und den Umstand dazu nehme,
dass ich noch extra für den Strom zahlen muss und an ISP keine grosse
Auswahl besteht, dann ist die Colo nicht so interessant, wie die
Angebote von anderen Anbietern.
Wo willst Du denn sonst hin in Basel? Ich möchte dich einfach warnen, die SwissIX Anbindung von der IWB in Basel ist nicht optimal. Wir haben sämtliche Peerings mit SwissIX Teilnehmern die nicht direkt in Basel sind abgeschaltet.
Die Probleme gibts seit dem die Switch im Equinix-1 durch eine 10gbit Switch ersetzt wurde.
Scheinbar gehen da öfters mal Pakete verloren bei der Umsetzung zwischen 10G und 100mbit.
Warscheinlich werden wir von der IWB aus selber eine Leitung ins Interxion mieten damit wir wieder ohne 3-25% Packetloss peeren können.
Grüsse
Daniel
_______________________________________________
swinog mailing list
swinog(a)lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Andreas Fink
Fink Consulting GmbH
Global Networks Schweiz AG
BebbiCell AG
IceCell ehf
---------------------------------------------------------------
Tel: +41-61-6666330 Fax: +41-61-6666331 Mobile: +41-79-2457333
Address: Clarastrasse 3, 4058 Basel, Switzerland
E-Mail: andreas(a)fink.org
www.finkconsulting.comwww.global-networks.chwww.bebbicell.ch
---------------------------------------------------------------
ICQ: 8239353 MSN: msn1(a)gni.ch AIM: smsrelay Skype: andreasfink
Yahoo: finkconsulting SMS: +41792457333
http://a-fink.blogspot.com/
Hi Reza
Please note, that we will currently use less (around 5 Mbit/s) for Upstream, which
will growing in the next month/year to 10-20 Mbit/s. So currently, we are "far" away
from 100 Mbit/s and for that reason, we think, that a 38xx or 7xxx system will be
good enogh for the moment.
But thank you anyway for you input.
Kind Regards
Patrick Studer
******************************************************************************
X-NetConsulting GmbH Internet http://www.x-netconsulting.ch
Grosspeterstrasse 21 E-Mail p.studer(a)x-netconsulting.ch
CH-4052 Basel Telefon +41 61 315 85 55
Schweiz Fax +41 61 315 85 59
******************************************************************************
-----Ursprüngliche Nachricht-----
Von: Reza Kordi [mailto:Reza.Kordi@clue.ch]
Gesendet: Dienstag, 22. September 2009 12:48
An: 'Patrick Studer'
Betreff: RE: [swinog] Full BGP Routing Router Requirements
Hi Patrick
If you are planning full tables and want to grow to +100Mbps don't take 28xx platform.
What is neat is ASR1002 I tested it and recommend it. They have a 2.5G box now that is also well prices.
Cheers,
Reza
-----Original Message-----
From: swinog-bounces(a)lists.swinog.ch [mailto:swinog-bounces@lists.swinog.ch] On Behalf Of Patrick Studer
Sent: Donnerstag, 17. September 2009 11:17
To: 'Pascal Gloor'
Cc: 'swinog(a)lists.swinog.ch'
Subject: Re: [swinog] Full BGP Routing Router Requirements
Hi Pascale
That's an answer I was looking for.
Some more questions. Why you suggest the SP Service IOS?
What's about the 3825/45 Series? Would that be the "golden middle way"? Will
this box give us a little more capacity, so there is little bit of air for
the router, or is the only way to go for a 2851 or a 7xxx System?
Kind Regards
Patrick
******************************************************************************
X-NetConsulting GmbH Internet http://www.x-netconsulting.ch
Grosspeterstrasse 21 E-Mail p.studer(a)x-netconsulting.ch
CH-4052 Basel Telefon +41 61 315 85 55
Schweiz Fax +41 61 315 85 59
******************************************************************************
-----Ursprüngliche Nachricht-----
Von: Pascal Gloor [mailto:pascal.gloor@spale.com]
Gesendet: Donnerstag, 17. September 2009 10:41
An: studer.patrick(a)gmx.ch
Cc: 'swinog(a)lists.swinog.ch'
Betreff: Re: [swinog] Full BGP Routing Router Requirements
Hi Patrick,
> The first step will be, to have 10 Mbit/s fixed or 100 Mbit/s
> burstable service with an additional link to SwissIX where we want to
> do some privat peerings.
>
> In a second step, we will add a second or a third upstream with about
> the same speeds as the first connection. All connection should be done
> by normal Ethernet connection.
As a minimal BGP setup I usually suggest to have one 2851 per upstream. It needs some upgrades, 1Gb DRAM and SP SERVICES IOS. This router has two GigabitEthernet interface so you can use one for wan and one for lan. You can also add a 4 ports 10/100 switch module if you need multiple lan connexions (limited to 100mbps).
If you have multiple upstream providers and therefor multiple routers, I suggest to have a separate lan (maybe vlan) with all the routers in it for the iBGP full mesh.
This is, indeed, a minimal setup, I wont protect you from attacks of any kind and the router capacity is limited. However you should be able to route at least 100-200mbps.
If you really need protection, you will need a 7200-NPE-G1/2 (which will be able to hold 700-1000mbps traffic), but still, its capacity to hold directed attacks is limited.
For best protection a suggest a 7600-RSP720-3CXL which is full hardware platform, protection of the router can be done in hardware (CPP, control-plane policy).
But this might be just a little bit too expensive...
Cheers,
Pascal
_______________________________________________
swinog mailing list
swinog(a)lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Anybody from swisscom mail support reading this?
We are sending quite a few daily reminder-mails from a few of our web
applications on behalf of our customers and regularly get temporarily
blocked by the swisscom mail server with a simple "421 4.7.0
mail.swisscom.com closing connection". Is there a way to get whitelisted
(at least for the recipient domains where we need to send these amount
of mails)?
Cheers,
Mike
--
Mike Kellenberger mike.kellenberger(a)escapenet.ch
Escapenet - the Web Company Tel +41 52 235 0700
http://www.escapenet.ch Skype mikek70atwork
Hallo Daniel
Naja, zur Zeit stehen EBM, IWB und ColoBâle zur Auswahl. Wobei es bei EBM
noch ein Link zur IWB benötigt, um sich an SwissIX anzuhängen.
Habt Ihr schon Preise für den Link nach Zürich? Von wo aus wäre der Link
von IWB oder von Colobâle?
Grüsse
Patrick
******************************************************************************
X-NetConsulting GmbH Internet http://www.x-netconsulting.ch
Grosspeterstrasse 21 E-Mail p.studer(a)x-netconsulting.ch
CH-4052 Basel Telefon +41 61 315 85 55
Schweiz Fax +41 61 315 85 59
******************************************************************************
-----Ursprüngliche Nachricht-----
Von: Daniel Aubry [mailto:obri@chaostreff.ch]
Gesendet: Samstag, 19. September 2009 15:07
An: Patrick Studer
Betreff: Re: [swinog] Full BGP Routing Router Requirements
On Fri, 18 Sep 2009 09:47:00 +0200
Patrick Studer <p.studer(a)x-netconsulting.ch> wrote:
Hallo Patrick,
> Habe mir aufgrund Deines Hinweises mal die Website und die Preise
> angesehen. Wenn ich das zusammenrechne und den Umstand dazu nehme,
> dass ich noch extra für den Strom zahlen muss und an ISP keine grosse
> Auswahl besteht, dann ist die Colo nicht so interessant, wie die
> Angebote von anderen Anbietern.
Wo willst Du denn sonst hin in Basel? Ich möchte dich einfach warnen, die SwissIX Anbindung von der IWB in Basel ist nicht optimal. Wir haben sämtliche Peerings mit SwissIX Teilnehmern die nicht direkt in Basel sind abgeschaltet.
Die Probleme gibts seit dem die Switch im Equinix-1 durch eine 10gbit Switch ersetzt wurde.
Scheinbar gehen da öfters mal Pakete verloren bei der Umsetzung zwischen 10G und 100mbit.
Warscheinlich werden wir von der IWB aus selber eine Leitung ins Interxion mieten damit wir wieder ohne 3-25% Packetloss peeren können.
Grüsse
Daniel
Hi Bernd
Thanks for your thoughts. Since the Rackspace is already limited, the 7201
or the 3825 will be a good solutions for us, since the only take 1 or 2 RU.
I hope, that we don't will have to match ddos attacks (we wasn't attacked
within the last 5 years), so hopefully, that isn't the point for us in
the moment. So we can start with one of this two boxes. And if we are growing
and perhaps will have multiple racks, we can invest then in a ddos proved
solutions.
Kind Regards
Patrick
******************************************************************************
X-NetConsulting GmbH Internet http://www.x-netconsulting.ch
Grosspeterstrasse 21 E-Mail p.studer(a)x-netconsulting.ch
CH-4052 Basel Telefon +41 61 315 85 55
Schweiz Fax +41 61 315 85 59
******************************************************************************
-----Ursprüngliche Nachricht-----
Von: Bernd SPIESS [mailto:bernd.spiess@ascus.at]
Gesendet: Donnerstag, 17. September 2009 20:15
An: 'Patrick Studer'
Betreff: RE: [swinog] Full BGP Routing Router Requirements
yes - its a good box - but think that a new one will cost about 8000 euro
for this money you get a lot of used boxes who do routing in hardware
the 7201 and 3825 plattform are cpu driven - both will not survive a
ddos - if you have luck the 7201 will - but if you have too much services
this box is also dead
compare the mbps of the 7201 g2 with the sup32 or sup720
bernd
-----Original Message-----
From: Patrick Studer [mailto:p.studer@x-netconsulting.ch]
Sent: Thursday, September 17, 2009 6:15 PM
To: Bernd SPIESS
Cc: 'swinog(a)lists.swinog.ch'
Subject: AW: [swinog] Full BGP Routing Router Requirements
Thanks Bernd.
As you perhaps has seen, we are now thinking about a 3825 or 7201. We think
both will do the job, but the 7201 will have more power.
Kind Regards
Patrick
******************************************************************************
X-NetConsulting GmbH Internet http://www.x-netconsulting.ch
Grosspeterstrasse 21 E-Mail p.studer(a)x-netconsulting.ch
CH-4052 Basel Telefon +41 61 315 85 55
Schweiz Fax +41 61 315 85 59
******************************************************************************
-----Ursprüngliche Nachricht-----
Von: Bernd SPIESS [mailto:bernd.spiess@ascus.at]
Gesendet: Donnerstag, 17. September 2009 14:02
An: 'Patrick Studer'
Betreff: RE: [swinog] Full BGP Routing Router Requirements
ipv6 is running fine also on 28 plattform
asn32 - no practical info from our side -
we ignored this until now :-)
maybe you start here:
http://www.swissix.ch/asn32/doku.php
-----Original Message-----
From: Patrick Studer [mailto:p.studer@x-netconsulting.ch]
Sent: Thursday, September 17, 2009 1:39 PM
To: Bernd SPIESS; 'Pascal Gloor'
Cc: 'swinog(a)lists.swinog.ch'
Subject: AW: [swinog] Full BGP Routing Router Requirements
Thanks for the link to the Router performance sheet. Do you see perhaps
also some impacts about the new as-numbers or ipv6 for any of the smaller
solutions (28xx, 38xx)?
Regards
Patrick
******************************************************************************
X-NetConsulting GmbH Internet http://www.x-netconsulting.ch
Grosspeterstrasse 21 E-Mail p.studer(a)x-netconsulting.ch
CH-4052 Basel Telefon +41 61 315 85 55
Schweiz Fax +41 61 315 85 59
******************************************************************************
-----Ursprüngliche Nachricht-----
Von: swinog-bounces(a)lists.swinog.ch [mailto:swinog-bounces@lists.swinog.ch] Im Auftrag von Bernd SPIESS
Gesendet: Donnerstag, 17. September 2009 11:43
An: 'Patrick Studer'; 'Pascal Gloor'
Cc: 'swinog(a)lists.swinog.ch'
Betreff: Re: [swinog] Full BGP Routing Router Requirements
see here:
http://www.cisco.com/web/partners/downloads/765/tools/quickreference/router…
3725 = 179 mbit
3745 = 256 mbit
(best case calculated with 64 byte paket size)
you have to basicaly decide if you want a cpu driven box (28*, 38*, NPE-G1/G2) or a hardware
driven box (sup32, sup720, c-120**)
in the first case you have to primary look for the cpu performance - in the second case you have to
look primary for hardware prefix puffer (256.000 prefixes versus 1 mio)
lg
bernd
-----Original Message-----
From: swinog-bounces(a)lists.swinog.ch [mailto:swinog-bounces@lists.swinog.ch] On Behalf Of Patrick Studer
Sent: Thursday, September 17, 2009 11:17 AM
To: 'Pascal Gloor'
Cc: 'swinog(a)lists.swinog.ch'
Subject: Re: [swinog] Full BGP Routing Router Requirements
Hi Pascale
That's an answer I was looking for.
Some more questions. Why you suggest the SP Service IOS?
What's about the 3825/45 Series? Would that be the "golden middle way"? Will
this box give us a little more capacity, so there is little bit of air for
the router, or is the only way to go for a 2851 or a 7xxx System?
Kind Regards
Patrick
******************************************************************************
X-NetConsulting GmbH Internet http://www.x-netconsulting.ch
Grosspeterstrasse 21 E-Mail p.studer(a)x-netconsulting.ch
CH-4052 Basel Telefon +41 61 315 85 55
Schweiz Fax +41 61 315 85 59
******************************************************************************
-----Ursprüngliche Nachricht-----
Von: Pascal Gloor [mailto:pascal.gloor@spale.com]
Gesendet: Donnerstag, 17. September 2009 10:41
An: studer.patrick(a)gmx.ch
Cc: 'swinog(a)lists.swinog.ch'
Betreff: Re: [swinog] Full BGP Routing Router Requirements
Hi Patrick,
> The first step will be, to have 10 Mbit/s fixed or 100 Mbit/s
> burstable service with an additional link to SwissIX where we want to
> do some privat peerings.
>
> In a second step, we will add a second or a third upstream with about
> the same speeds as the first connection. All connection should be done
> by normal Ethernet connection.
As a minimal BGP setup I usually suggest to have one 2851 per upstream. It needs some upgrades, 1Gb DRAM and SP SERVICES IOS. This router has two GigabitEthernet interface so you can use one for wan and one for lan. You can also add a 4 ports 10/100 switch module if you need multiple lan connexions (limited to 100mbps).
If you have multiple upstream providers and therefor multiple routers, I suggest to have a separate lan (maybe vlan) with all the routers in it for the iBGP full mesh.
This is, indeed, a minimal setup, I wont protect you from attacks of any kind and the router capacity is limited. However you should be able to route at least 100-200mbps.
If you really need protection, you will need a 7200-NPE-G1/2 (which will be able to hold 700-1000mbps traffic), but still, its capacity to hold directed attacks is limited.
For best protection a suggest a 7600-RSP720-3CXL which is full hardware platform, protection of the router can be done in hardware (CPP, control-plane policy).
But this might be just a little bit too expensive...
Cheers,
Pascal
_______________________________________________
swinog mailing list
swinog(a)lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
_______________________________________________
swinog mailing list
swinog(a)lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
