[130028] in North American Network Operators' Group
Re: Software-based Border Router
daemon@ATHENA.MIT.EDU (Nathanael C. Cariaga)
Sun Sep 26 06:17:31 2010
Date: Sun, 26 Sep 2010 18:15:20 +0800 (PHT)
From: "Nathanael C. Cariaga" <nccariaga@stluke.com.ph>
To: sthaug@nethelp.no
In-Reply-To: <20100926.115921.74701327.sthaug@nethelp.no>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Thank you for the prompt response. Just to clarify my previous post, I was actually referring to Linux/Unix-based routers. We've been considering this solution because presently we don't have any budget for equipment acquisition this year.
To be honest, I came across Vyatta Core while searching for a viable Linux/Unix-based solution that we can adopt, and I'm currently reading its reference guides. Has anyone here used this software before?
Thanks a lot.
----- Original Message -----
From: sthaug@nethelp.no
To: nccariaga@stluke.com.ph
Cc: nanog@nanog.org
Sent: Sunday, September 26, 2010 5:59:21 PM
Subject: Re: Software-based Border Router
> Just want to ask if anyone here had experience deploying software-based routers to serve as perimeter / border router? How does it gauge with hardware-based routers? Any past experiences will be very much appreciated.
Software based routers (e.g. Cisco 7200 series) have been used as border
routers for many years - this is hardly anything new. The question you
should ask is probably: Can such a router handle a full link's worth of
DDoS using minimum sized packets? The answer, of course, depends on your
link capacity, the router itself, features enabled (ACLs, QoS, ...) etc.
There are quite a few people using Quagga based boxes running Linux or
FreeBSD as border routers - this is a possible solution too, giving
you more bang for the buck than a traditional software based router from
the big vendors. Make sure you have enough expertise for the relevant OS
and routing software available.
Steinar Haug, Nethelp consulting, sthaug@nethelp.no