In article <xs4all.CALFTrnNyr4V_Op0Rg4MGfN+8zX6474p80UpX3TM35y8kyYZLqA@mail.gmail.com> you write:
It seems to be a pretty "hot button" issue, but I feel that modern hardware is more than capable of pushing packets. The old wisdom of "only hardware can do it efficiently" is starting to prove untrue. 10G might still be a challenge (I haven't tested), but 1G is not even close to being an issue. Depending on the target for your deployment, it might make sense to whitebox a router or firewall instead of spending 20K on it. Especially if you're working with any kind of scale.
Yes well, but also remember that bandwidth is not everything. Packets per second is. And if you're going to provide internet connectivity to end users, some of them /will/ get hit with DDoS attacks. With a hardware router you can survive that as long as the DDoS is not consuming all your bandwidth. A software router being bombarded with a few gigabits of 64 byte packets ... not so much. This is also the reason, btw, that you should look into shaping the outgoing bandwidth to each end user, to prevent one of them being DDoSed filling up the entire link he/she is on.

Mike.
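
The per-user shaping recommended in the reply above, as an added example that is not part of the original post: a small simulation of a shared link with and without a token bucket per subscriber. The link speed, the 200 Mbit/s cap, the subscriber names and the traffic figures are all constructed assumptions, and the model covers bandwidth on the shared link only, not the router's packets-per-second budget.

```python
# Constructed model: one shared downstream link, traffic in bits, 1 ms steps.
LINK_BPS = 1_000_000_000   # assumed 1 Gbit/s link shared by the subscribers
TICK = 0.001               # simulation step, seconds


class TokenBucket:
    """Token bucket policer: 'rate' bits/s sustained, 'burst' bits of depth."""

    def __init__(self, rate_bps, burst_bits):
        self.rate, self.burst, self.tokens = rate_bps, burst_bits, burst_bits

    def admit(self, bits, dt):
        """Refill for dt seconds, then return how many bits may pass now."""
        self.tokens = min(self.burst, self.tokens + self.rate * dt)
        sent = min(bits, self.tokens)
        self.tokens -= sent
        return sent


def simulate(offered_bps, shape_bps=None, seconds=1.0):
    """Return {subscriber: fraction of its offered traffic delivered}.

    offered_bps: {subscriber: bits/s arriving for that subscriber} (nonzero)
    shape_bps:   per-subscriber cap in bits/s, or None for no shaping
    """
    buckets = {}
    if shape_bps:
        # Bucket depth of two ticks' worth of tokens (arbitrary small burst).
        buckets = {s: TokenBucket(shape_bps, shape_bps * TICK * 2) for s in offered_bps}
    delivered = dict.fromkeys(offered_bps, 0.0)
    for _ in range(round(seconds / TICK)):
        want = {}
        for s, bps in offered_bps.items():
            bits = bps * TICK
            want[s] = buckets[s].admit(bits, TICK) if buckets else bits
        # The link is a plain FIFO: when oversubscribed, every flow loses
        # the same proportion, whoever caused the overload.
        total = sum(want.values())
        scale = min(1.0, LINK_BPS * TICK / total) if total else 1.0
        for s in want:
            delivered[s] += want[s] * scale
    return {s: delivered[s] / (offered_bps[s] * seconds) for s in offered_bps}


# Constructed sample: one subscriber receives a 4 Gbit/s flood.
OFFERED = {"victim": 4e9, "alice": 50e6, "bob": 80e6}
UNSHAPED = simulate(OFFERED)                  # every flow about 24% delivered
SHAPED = simulate(OFFERED, shape_bps=200e6)   # alice and bob fully delivered
```

Without shaping the flood costs every subscriber on the link roughly three quarters of their traffic; with the cap only the targeted subscriber is squeezed.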