[191872] in North American Network Operators' Group
Re: nexus N3K-C3064PQ vs juniper ex4500 in order to protect against
daemon@ATHENA.MIT.EDU (Pedro)
Sat Oct 1 03:15:36 2016
X-Original-To: nanog@nanog.org
To: mlfreita@mtu.edu, Saku Ytti <saku@ytti.fi>
From: Pedro <piotr.1234@interia.pl>
Date: Sat, 1 Oct 2016 09:03:26 +0200
In-Reply-To: <CAJWk1pTkkFaDf6y=jibd76Fyudep3J7CtWivkuiy1d3CR-3Z+Q@mail.gmail.com>
Cc: nanog list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
We had situations, that we lost all our bgp sessions, not even only on
ports where flood was coming. Just cpu overloaded. I don't care about
support too much, there are cheap enough to have spare. Soft is mature
with known bugs so i assume that this risk are accepted. Bigger problem
for me is technical details about features, which i desribed in my first
post. Most of this features i tested on trident2 chipset extreme 670, it
works but with problems and some limits. Now i have to change vendor.
Really wondering what can i get from N3K-C3064PQ, its also build on
trident2 AFAIK
thanks for answers,
Pedro
W dniu 2016-09-30 o 22:50, Matt Freitag pisze:
> Pedro,
>
> Please also keep in mind that the Juniper EX4500 is an end of life
> product. Soon you won't be able to get Juniper to support you. That's
> why there are so many for so cheap on eBay.
>
> Matt Freitag
> Network Engineer I
> Information Technology
> Michigan Technological University
> (906) 487-3696 <tel:%28906%29%20487-3696>
> https://www.mtu.edu/
> https://www.it.mtu.edu/
>
>
> On Fri, Sep 30, 2016 at 4:06 PM, Saku Ytti <saku@ytti.fi
> <mailto:saku@ytti.fi>> wrote:
>
> On 30 September 2016 at 22:42, Pedro <piotr.1234@interia.pl
> <mailto:piotr.1234@interia.pl>> wrote:
>
> Hey Pedro,
>
> > I have some idea to put switch before bgp router in order to termin=
ate isp
> > 10G uplinks on switch, not router. Main reason is that could be som=
e kind of
> > 1st level of defence against ddos, second reason, less important, s=
ave cost
> > of router ports, do many port mirrors.
>
> I don't understand your rationale, unless your router is software box=
,
> but as it has 10G interface, probably not.
> Your router should be able to limit packets in HW, likely with better=
> counter and filtering options than cheap switch.
>
> --
> ++ytti
>
>
---
Ta wiadomo=C5=9B=C4=87 zosta=C5=82a sprawdzona na obecno=C5=9B=C4=87 wirus=
=C3=B3w przez oprogramowanie antywirusowe Avast.
https://www.avast.com/antivirus
