Julio Arruda wrote:
Steve Dalberg wrote:
2009/5/18 Adam Armstrong <lists@memetic.org>:
David Storandt wrote:
We're stuck in an engineering pickle, so some experience from this crew would be useful in tie-breaking...
We operate a business-grade FTTx ISP with ~75 customers and 800Mbps of Internet traffic, currently using 6509/Sup2s for core routing and port aggregation. The MSFC2s are under stress from 3x full route feeds, pared down to 85% to fit the TCAM tables. One system has a FlexWAN with an OC3 card and it's crushing the CPU on the MSFC2. System tuning (stable IOS and esp. disabling SPD) helped a lot but still doesn't have the power to pull through. Hardware upgrades are needed...
We need true full routes and more CPU horsepower for crunching BGP (+12 smaller peers + ISIS). OC3 interfaces are going to be mandatory, one each at two locations. Oh yeah, we're still a larger startup without endless pockets. Power, rack space, and SmartNet are not concerns at any location (on-site cold spares). We may need an upstream OC12 in the future but that's a ways out and not a concern here.
Our engineering team has settled on three $20k/node options: - Sup720-3BXLs with PS and fan upgrades - Sup2s as switches + ISIS + statics and no BGP, push BGP edge routing off to NPE-G2s across a 2-3Gbps port-channel - Sup2s as switches + ISIS + statics and no BGP, push BGP edge routing off to a 12008 with E3 engines across a 2-3Gbps port-channel.
Have a look at the ASR1002 + ESP5/10G
Stable for BGP+ISIS as far as our experience goes.
adam.
ASR1002 + ESP5 was great for OSPF + BGP. 450M+ of traffic for me at peek (proc at1-2%)
Any experience in how much more resilient is the ASR compared with 7600/6500, DDoS-wise :-) ? And compared with NPE-G2 ? And in terms of CoPP and etc ? The ASR's Quantum Flow processors scale quite unpredictably depending upon features, apparently, so it's difficult to say.
I'm expecting 5-7Gbps on the ESP10 with my usage (no complex features in use, just forwarding and Netflow), though I've little data to base that on. (ESP on one device currently reports 2-3% usage at ~200Mbit). It'll handle a DDoS much, much, much better than a 7201/NPE-G1, but much, much, much worse than a 65/7500 (even without DFCs). We use several ASRs with one at each entry point to the network (each transit provider / peering exchange) to spread potention DDoS across a lot of processors, that approach is working well for us at the moment. Our only real issue is that the Netflow implementation on the ASRs seems to be a little 'sensitive' to configuration changes and sometimes just stops exporting flows. adam.