On Wed, Sep 3, 2008 at 8:28 PM, Jo Rhett <jrhett@netconsonance.com> wrote:
For equivalent redundancy and ports, the Force10 is always cheaper - even just in list price. (on the E-series -- Cisco has some cheaper options than the S-series so I've heard - don't care)
Some food for thought, comparing apples to apples... FORCE 10 ********************* CH-E300-BNA8-L $35,000.00 E300 110V AC Terascale Chassis Bundle: 6-slot E300 chassis with 400 Gb backplane, fan subsystem, 3 AC Power Supplies (CC-E300-1200W-AC) 1 Route Processor Module (EF3), 2 Switch Fabric Modules LC-EF3-1GE-24P $30,000.00 E300 Terascale 24-port Gigabit Ethernet line card - SFP optics required (series EF3) CC-E300-1200W-AC $4,000.00 E300 1200W/800W AC Power Supply CC-E-SFM3 $12,500.00 E-Series Switch Fabric Module LC-EF3-RPM $30,000.00E300 Terascale Route processor module (series EF3) ** BASIC CONFIG WITH 24 GIG-E (SFP PORTS): $65000.00 (USD) ** CISCO **************** WS-C6503-E Catalyst 6500 Enhanced 3-slot chassis,4RU,no PS,no Fan Tray 2500 WS-SUP720-3BXL= Catalyst 6500/Cisco 7600 Supervisor 720 Fabric MSFC3 PFC3BXL 40000 WS-X6724-SFP= Catalyst 6500 24-port GigE Mod: fabric-enabled (Req. SFPs) 15000 WS-CAC-3000W= Catalyst 6500 3000W AC power supply (spare) 3000 PWR-950-DC= Spare 950W DC P/S for CISCO7603/Cat 6503 1245 WS-C6503-E-FAN= Catalyst 6503-E Chassis Fan Tray 495 ** BASIC CONFIG WITH 24 GIG-E (SFP PORTS) (not counting two bonus ports on Sup :) 62240.00 (USD) ** Please realize that the above is list vs. list. Cisco 6500 series hardware is extremely popular in the secondary market, with discounts of 80% or greater on linecards, etc common, furthering the argument that Cisco is the cheaper of the two solutions.
As a box designed with the enterprise datacenter in mind, the E-series looks to be missing several key service provider features, including MPLS and advanced control plane filtering/policing.
Ah, because Cisco does either of these in hardware?
Yes, they do, on the s720-3B and better.
No, they don't. There are *no* *zero* providers doing line-speed uRPF on Cisco for a reason. Stop reading, start testing.
Cisco absolutely does MPLS and control-plane policing in hardware on the SUP720 (3B and higher), ditto uRPF. Force 10 doesn't even support the first two last I checked! On the subject of uRPF, it's true, Cisco's implementation is less than ideal, and is not without caveats. Nobody seems to get this right, though Juniper tries the hardest. Practically speaking, it can be made to work just fine. Possible solutions commonplace among larger tier 1/2 providers include having your OSS auto-generate an inbound access-list against a list of networks routed to the customer, or just applying a boilerplate "don't allow bad stuff" filter on the ingress. uRPF strict as a configuration default, on customers without possible asymmetry (multihoming, one-way tunneling, etc) is not a bad default. But when the customers increase in complexity, the time might come to relax things some. It's certainly not a be-all-end-all. And it's been demonstrated time after time here that anti-spoof/bogon filtering isn't even a factor in most large-scale attacks on the public Internet these days. Think massively sized, well connected, botnets. See also CP attacks (which, again, the F10 can't even help you with). Drive Slow, Paul Wall