[144543] in North American Network Operators' Group
RE: vyatta for bgp
daemon@ATHENA.MIT.EDU (Deepak Jain)
Tue Sep 13 15:55:50 2011
From: Deepak Jain <deepak@ai.net>
To: North American Network Operators' Group <nanog@nanog.org>
Date: Tue, 13 Sep 2011 15:54:52 -0400
In-Reply-To: <20110913153747.GA91938@ussenterprise.ufp.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
In a message written on Mon, Sep 12, 2011 at 06:56:26PM +0000, Dobbins, Roland wrote:
> The days of public-facing software-based routers were over years ago - you need an ASIC-based edge router, else you'll end up getting zorched.
Some enterprises get MPLS L3 VPN service from their providers, and need boxes that can route packets to it and speak BGP to inject their routes. They are not, per se, connected to the Internet, and thus won't be "zorched", at least in the sense you are using it.
Also, many enterprises get DS-3, Cable Modem, or 100M Ethernet handoffs, and won't ever get a faster "zorch" due to link speed.
---
Picking up on what Leo wrote:
I think the OP stated he is using less than 10M (or a few T1s or something). The term Enterprise covers a lot of ground from SMEs to LBs.
It's important to clarify that no router is perfect and all of them are sufficiently complex beasties to fully understand your problem/solution set.
Software routers are simpler in that almost all of their complexities lie in their CPU/bus/interrupt limitations and provided you haven't hit those limits the software can do just about anything you ask of it.
Hardware-assisted routers are promised to move lots and lots of pps and tolerate all kinds of bad behavior -- with all kinds of caveats, like control plane policing, understanding the minutiae of their ASIC design/layout and of course various oddities in their software configurations and releases (turn this on, but not with that, if you want this feature to work).
Without rehashing 20+ years of collective knowledge & caveats on hardware-assisted routers, smaller guys who want to test their approach to purchasing need some kind of answer better than "it depends".
Even though "it depends" (based on total uplink speeds), here are my suggestions:
<200 mb/s a circa 2010+ software router, even talking to the internet as a whole, is probably fine, even to run BGP. You may have some weird edge cases where you can be attacked, but your pipe will probably limit you. At this level, you can also lean on your ISP to help if you get into a jam.
200mb/s to 2Gb/s, your software router may keep up, and you need to start considering hardware assisted routing and a stiff breeze could make your router fall over. More time will be required to tune your software router that could be better spent elsewhere. At the higher end of this range, your ISP is less able to help you (filter good traffic from bad) and you need to be able to do some of this in your router. Pipe speed is less of an issue and you can have badly behaved traffic that "zorches" you at far less than link speed.
2Gb/s +, your software solution is a dead duck or an accident waiting to happen. You will be victim to oddities related to inconsistent performance, jitter, and of course malicious attacks. You probably want more advanced traffic and profiling features a hardware platform allows you (at wire speed) too. Your ISP's hardware router will only do what you ask (nicely) for your ISP to do... and even that is limited. You are basically "big enough" to manage these connections on your own and should have equipment and staff available to do so.
I just took a stab at the ranges and the concepts, only limited to the OP's context and directed at "Enterprise" customers. ISPs probably can't use these limits for their own router solution/sizing -- and we all know that ISPs vary in quality, especially at 4am when you are being DOS'd....so ymmv.
HTH,
Deepak Jain
AiNET