[191871] in North American Network Operators' Group
Re: nexus N3K-C3064PQ vs juniper ex4500 in order to protect against
daemon@ATHENA.MIT.EDU (Matt Freitag)
Fri Sep 30 16:50:51 2016
X-Original-To: nanog@nanog.org
In-Reply-To: <CAAeewD_1TnVonfgXkurDy=uun9mP66j6QzV=hm8Cm+c=pWj4-w@mail.gmail.com>
From: Matt Freitag <mlfreita@mtu.edu>
Date: Fri, 30 Sep 2016 16:50:25 -0400
To: Saku Ytti <saku@ytti.fi>
Reply-To: mlfreita@mtu.edu
Cc: nanog list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Pedro,
Please also keep in mind that the Juniper EX4500 is an end of life product.
Soon you won't be able to get Juniper to support you. That's why there are
so many for so cheap on eBay.
Matt Freitag
Network Engineer I
Information Technology
Michigan Technological University
(906) 487-3696 <%28906%29%20487-3696>
https://www.mtu.edu/
https://www.it.mtu.edu/
On Fri, Sep 30, 2016 at 4:06 PM, Saku Ytti <saku@ytti.fi> wrote:
> On 30 September 2016 at 22:42, Pedro <piotr.1234@interia.pl> wrote:
>
> Hey Pedro,
>
> > I have some idea to put switch before bgp router in order to terminate
> isp
> > 10G uplinks on switch, not router. Main reason is that could be some
> kind of
> > 1st level of defence against ddos, second reason, less important, save
> cost
> > of router ports, do many port mirrors.
>
> I don't understand your rationale, unless your router is software box,
> but as it has 10G interface, probably not.
> Your router should be able to limit packets in HW, likely with better
> counter and filtering options than cheap switch.
>
> --
> ++ytti
>
