I briefly browsed the links and I didn't see any traffic profiles included.
If you are talking about pushing x mbps with no specifics and/or general traffic, I think most of us agree you can do that easily and probably consistently without any issues. And for some icing, you may even do it at <90% average CPU util. Does that mean it should be an edge device at any service provider? No. Some? Sure.
Those last two words are the point I've been trying to make. If you'll recall, Roland said flat out that that wasn't the case.
Can you point to any specific tests of attack vectors and/or traffic profiles with: CPU utilization, packet loss levels and pps/mbps/etc data?
Not without doing the work; I have no plans to do the work for free just to prove a point on NANOG. I have Real Work to do.
The reason I ask is that Roland is in a specific business and has a specific point.
Sure, and I'm making the point that this point isn't universally true in the way Roland would like to paint it.
As a side, were those 2 VMs on the same box? That traffic out on the wire? What's the traffic profile?
Yes, no (just between vm's), just sheer UDP blasting of both the vservers from the other (mutual attack) with ports both closed and opened. Since Roland's point seems to be that the availability of the platform is impacted by an attack on the control plane (in this case, for all reasonable intents and purposes, that would appear to be the host OS's addresses), I didn't really feel it necessary to get particularly complicated, and just tested the control plane availability theory. My point is that a randomly created *virtual* machine can absorb a 100Mbps attack on it at minimum packet size without blinking, while simultaneously delivering such an attack, in the spare CPU cycles of a vm host that has dozens of hosts on it. It's meant to suggest that what Roland is selling includes a healthy dose of FUD; I, on the other hand, am happy to concede that at a certain point, the hardware stuff is going to be more effective. It'd be nice if Roland could concede that software-based routers have some advantages and some reasonable use profiles. For example, for a provider whose entire upstream capacity is 1Gbps, I have a hard time seeing how a Linux- or FreeBSD-based box could credibly be claimed not to be a suitable edge router. The problem with Roland's statement is its absoluteness; I have a much easier side to argue, since I merely need to explain one case where the use profile does not result in failure, and there are many to choose from.
... JG
--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam (CNN)
With 24 million small businesses in the US alone, that's way too many apples.