I propose the hybrid solution: A device such as the ZTE 5960e with 24x 10G and 2x 40G will set you about USD 6000 back. This thing can do MPLS and L3 equal cost multiple path routing. With that you can load balance across as many software routers as you need. It also speaks BGP and can accept about 10k routes. So maybe you could consider if the full table is really worth it. It would be possible to have your software router speak BGP with the neighbors and use next hop to direct the traffic directly to the switch. Or use proxy arp if the peer does not want to allow you to specify a different next hop than the BGP speaker. This way your software router is only moving outgoing packets. Inbound packets will never go through the computer, but will instead be delivered directly to the correct destination by hardware switching. If you are an ISP, you will often have more inbound traffic so this very useful. Also the weak point of the software router is denial of service attacks with small packets. The attacks are likely from outside your network so your software router will not need to route it. We need someone to code a BGP daemon, that will export the 5k most used routes to the switch. This way you can have the switch deliver the majority of the traffic directly to your peers. If you are a service provider, much of your traffic is outbound. Put your servers or multiple routers/firewalls on the same vlan as your transit. Then add static host routes for next hop on all servers. This way you can have as many servers as you need to deliver traffic directly. You can run iBGP on all the servers, so every server knows how to route outbound by itself. MPLS would also be useful for this instead of vlan, but there is no good MPLS implementation for Linux. Regards, Baldur