Hi,
Bernd you are right, the 7201 and 3825 are CPU-based drive boxes, just like any network gear by Cisco. It is a bit the Cisco conception of network devices, isn't?
However with < 300 Mbit/s you can't do much against a big serious DDoS attack, either the peipes are filled and must be filtered. Actually even large ISP can't fight much against real big attacks. Even the big blue national company already suffered of large DDoS attacks. Yes with large pipes you can fight a bit, but can't litteraly stop them when they are bot-net driven.
However, IMHO DDoS attacks are just like spam, nobody can really pretend being able to stop them as of today.
<off topic> http://www.youtube.com/watch?v=Rm-jbZS2LQU </off topic>
Just humour, no hidden message.
Cheers.
Alex
On Fri, 18 Sep 2009 10:07:00 +0200, Patrick Studer p.studer@x-netconsulting.ch wrote:
Hi Bernd
Thanks for your thoughts. Since the Rackspace is already limited, the
7201
or the 3825 will be a good solutions for us, since the only take 1 or 2
RU.
I hope, that we don't will have to match ddos attacks (we wasn't attacked within the last 5 years), so hopefully, that isn't the point for us in the moment. So we can start with one of this two boxes. And if we are growing and perhaps will have multiple racks, we can invest then in a ddos proved solutions.
Kind Regards
Patrick
******************************************************************************
X-NetConsulting GmbH Internet http://www.x-netconsulting.ch Grosspeterstrasse 21 E-Mail
p.studer@x-netconsulting.ch
CH-4052 Basel Telefon +41 61 315 85 55 Schweiz Fax +41 61 315 85 59
******************************************************************************
-----Ursprüngliche Nachricht----- Von: Bernd SPIESS [mailto:bernd.spiess@ascus.at] Gesendet: Donnerstag, 17. September 2009 20:15 An: 'Patrick Studer' Betreff: RE: [swinog] Full BGP Routing Router Requirements
yes - its a good box - but think that a new one will cost about 8000 euro for this money you get a lot of used boxes who do routing in hardware
the 7201 and 3825 plattform are cpu driven - both will not survive a ddos - if you have luck the 7201 will - but if you have too much services this box is also dead
compare the mbps of the 7201 g2 with the sup32 or sup720
bernd
-----Original Message----- From: Patrick Studer [mailto:p.studer@x-netconsulting.ch] Sent: Thursday, September 17, 2009 6:15 PM To: Bernd SPIESS Cc: 'swinog@lists.swinog.ch' Subject: AW: [swinog] Full BGP Routing Router Requirements
Thanks Bernd.
As you perhaps has seen, we are now thinking about a 3825 or 7201. We
think
both will do the job, but the 7201 will have more power.
Kind Regards
Patrick
******************************************************************************
X-NetConsulting GmbH Internet http://www.x-netconsulting.ch Grosspeterstrasse 21 E-Mail
p.studer@x-netconsulting.ch
CH-4052 Basel Telefon +41 61 315 85 55 Schweiz Fax +41 61 315 85 59
******************************************************************************
-----Ursprüngliche Nachricht----- Von: Bernd SPIESS [mailto:bernd.spiess@ascus.at] Gesendet: Donnerstag, 17. September 2009 14:02 An: 'Patrick Studer' Betreff: RE: [swinog] Full BGP Routing Router Requirements
ipv6 is running fine also on 28 plattform
asn32 - no practical info from our side - we ignored this until now :-) maybe you start here: http://www.swissix.ch/asn32/doku.php
-----Original Message----- From: Patrick Studer [mailto:p.studer@x-netconsulting.ch] Sent: Thursday, September 17, 2009 1:39 PM To: Bernd SPIESS; 'Pascal Gloor' Cc: 'swinog@lists.swinog.ch' Subject: AW: [swinog] Full BGP Routing Router Requirements
Thanks for the link to the Router performance sheet. Do you see perhaps also some impacts about the new as-numbers or ipv6 for any of the smaller solutions (28xx, 38xx)?
Regards
Patrick
******************************************************************************
X-NetConsulting GmbH Internet http://www.x-netconsulting.ch Grosspeterstrasse 21 E-Mail
p.studer@x-netconsulting.ch
CH-4052 Basel Telefon +41 61 315 85 55 Schweiz Fax +41 61 315 85 59
******************************************************************************
-----Ursprüngliche Nachricht----- Von: swinog-bounces@lists.swinog.ch
[mailto:swinog-bounces@lists.swinog.ch]
Im Auftrag von Bernd SPIESS Gesendet: Donnerstag, 17. September 2009 11:43 An: 'Patrick Studer'; 'Pascal Gloor' Cc: 'swinog@lists.swinog.ch' Betreff: Re: [swinog] Full BGP Routing Router Requirements
see here:
http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routerp...
3725 = 179 mbit 3745 = 256 mbit
(best case calculated with 64 byte paket size)
you have to basicaly decide if you want a cpu driven box (28*, 38*, NPE-G1/G2) or a hardware driven box (sup32, sup720, c-120**) in the first case you have to primary look for the cpu performance - in
the
second case you have to look primary for hardware prefix puffer (256.000 prefixes versus 1 mio)
lg bernd
-----Original Message----- From: swinog-bounces@lists.swinog.ch [mailto:swinog-bounces@lists.swinog.ch] On Behalf Of Patrick Studer Sent: Thursday, September 17, 2009 11:17 AM To: 'Pascal Gloor' Cc: 'swinog@lists.swinog.ch' Subject: Re: [swinog] Full BGP Routing Router Requirements
Hi Pascale
That's an answer I was looking for.
Some more questions. Why you suggest the SP Service IOS? What's about the 3825/45 Series? Would that be the "golden middle way"? Will this box give us a little more capacity, so there is little bit of air
for
the router, or is the only way to go for a 2851 or a 7xxx System?
Kind Regards
Patrick
******************************************************************************
X-NetConsulting GmbH Internet http://www.x-netconsulting.ch Grosspeterstrasse 21 E-Mail
p.studer@x-netconsulting.ch
CH-4052 Basel Telefon +41 61 315 85 55 Schweiz Fax +41 61 315 85 59
******************************************************************************
-----Ursprüngliche Nachricht----- Von: Pascal Gloor [mailto:pascal.gloor@spale.com] Gesendet: Donnerstag, 17. September 2009 10:41 An: studer.patrick@gmx.ch Cc: 'swinog@lists.swinog.ch' Betreff: Re: [swinog] Full BGP Routing Router Requirements
Hi Patrick,
The first step will be, to have 10 Mbit/s fixed or 100 Mbit/s burstable service with an additional link to SwissIX where we want to do some privat peerings.
In a second step, we will add a second or a third upstream with about the same speeds as the first connection. All connection should be done by normal Ethernet connection.
As a minimal BGP setup I usually suggest to have one 2851 per upstream.
It
needs some upgrades, 1Gb DRAM and SP SERVICES IOS. This router has two GigabitEthernet interface so you can use one for wan and one for lan. You can also add a 4 ports 10/100 switch module if you need multiple lan connexions (limited to 100mbps).
If you have multiple upstream providers and therefor multiple routers, I suggest to have a separate lan (maybe vlan) with all the routers in it
for
the iBGP full mesh.
This is, indeed, a minimal setup, I wont protect you from attacks of any kind and the router capacity is limited. However you should be able to route at least 100-200mbps.
If you really need protection, you will need a 7200-NPE-G1/2 (which will
be
able to hold 700-1000mbps traffic), but still, its capacity to hold directed attacks is limited. For best protection a suggest a 7600-RSP720-3CXL which is full hardware platform, protection of the router can be done in hardware (CPP, control-plane policy).
But this might be just a little bit too expensive...
Cheers, Pascal
swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog