[144500] in North American Network Operators' Group


Re: vyatta for bgp

daemon@ATHENA.MIT.EDU (Brent Jones)
Mon Sep 12 17:14:28 2011

In-Reply-To: <8183E51F-9630-4F4F-807F-C40CBADD57EE@arbor.net>
Date: Mon, 12 Sep 2011 14:13:40 -0700
From: Brent Jones <brent@servuhome.net>
To: "Dobbins, Roland" <rdobbins@arbor.net>
Cc: North American Network Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Mon, Sep 12, 2011 at 1:52 PM, Dobbins, Roland <rdobbins@arbor.net> wrote:
> On Sep 13, 2011, at 3:43 AM, Everton Marques wrote:
>
>> Would Cisco ISR G2 3925E classify as software-based router?
>
> Yes.
>
>> Do you expect it to bend itself down under a few Mbps of 64-byte packets?
>
> Especially if they're directed at the router itself, at some point, sure - though the ISR2 certainly has more horsepower than the original ISRs, and I've personally yet to witness an ISR2 being DDoSed, so I've no feel for the specific numbers. Features also play a role.
>
> This isn't to say that the ISR2 isn't a fine router - but rather that one must be cognizant of performance envelopes prior to deployment in order to determine suitability to purpose. One can't reasonably expect vendors to exceed their design constraints in any type of equipment.
>
> ;>
>
> One can and should test the specific performance envelope of any prospective infrastructure purchase, of course.
>
> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
>
>     The basis of optimism is sheer terror.
>
>         -- Oscar Wilde
>
>
>

Lots of devices can have trouble if you direct high PPS to the control
plane, and will exhibit performance degradation, leading up to a DoS
eventually.
That isn't limited to software-based routers at all, it will impact
dedicated ASICs. Vendors put together solutions for this, to protect
the router itself/control plane, whether it's a software-based router
or ASICs.
Now if this was a MikroTik with a 1GHz Intel Atom CPU, sure, lots of
things could take that thing offline, even funny looks. But a modern,
multi-core/multi-thread system with multi-queued NICs will handle
hundreds of thousands of PPS directed to the router itself before
having issues, of nearly any packet size.
A high end ASIC can handle millions/tens of millions PPS, but directed
to the control plane (which is often a general purpose CPU as well,
Intel or PowerPC), probably not in most scenarios.

I think it's very fair for a small/medium sized organization to run
software-based routers, Vyatta included.

-- 
Brent Jones
brent@servuhome.net

