CPE that support 1G with BGP multihomed
Dear Nanoger, Anyone have an advice on CPE which can support the following features, please: 1) 1 Gigabits/s ipv4 or ipv6 forwarding IMIX or Internet traffic, full duplex (not sure if cisco or miercom are conducting bidirectionals traffic flows at the same time). 2) with ACLs and with uRPF with prefix filtering with bgp ext-communities (rfc 8092 would be a ++, but not mandatory) 3) with BGP full route, 1 eBGP session + 1 iBGP (--> multihomed, single attached solution, so there is 2 CPE connected to 2 bgp transit)) 4) vrf light and SNMP + telnet/ssh with ACLs Currently on Cisco side, we see the following candidates: - ASR 1001-x - ASR 1002 - ISR 4431, 4451 - ISR G2 2921 + 2951 + 3925(E) (EoL soon, so we are currently in the process of evaluating other solution). But we would like also to include other manufacturer : juniper, mikrotik , etc.... Thank for your help, - Marcel
marcel.duregards--- via NANOG wrote on 9/26/2017 4:29 AM:
Keep in mind the ASR1002 is also EoL, and only the configuration with upgraded RAM and ESP10 would meet your stated need for a full BGP table (the ESP2.5/5 does not have enough FIB memory to store the full routing table). The 1001-X offers the pay as you go model, so you may want to check with Cisco regarding FIB availability at different license price points. I believe the ASR9001 would also meet your needs; I don't have experience with the other options.
Hi Marcel, I've personnel tested similar requirements on the followings; ASR1001 - 8G RAM ASR1001-X ASR1002 8G RAM with two eBGP sessions / full routes via two upstreams and mutiple iBGP sessions to the core. The ASR1K is a safe bet. The ISR G2 2921 or 2951 suffers under load if you have PBR or NAT/PAT rules. Hope this info helps with your research and router selections. Cheers, Ahad On Tue, Sep 26, 2017 at 7:29 PM, marcel.duregards--- via NANOG < nanog@nanog.org> wrote:
On 09/26/17 06:29, marcel.duregards--- via NANOG wrote:
I've been building cpe devices using various models from http://www.lannerinc.com. I populate with Debian linux:. I use pxeboot to autoboot into install mode with dnsmasq providing deb-install preseed build files. On the auto reboot after o/s install, I finish up with consistent, documented builds with SaltStack. This provides the necessary customized switching, routing, security, and monitoring. Raymond Burkholder https://blog.raymond.burkholder.net 441 705 7292
With an FW-7543, I can iperf bidirectional 1gbps with no acl. I can get strongswan ipsec bidirectional at about 50mbps (the cpu has AES-NI). I havn't tried ipsec on devices like the FW-7573.
I can customize configs with various combinations of VRRP, FreeRangeRouting BGP/OSPF (full routes are no problem), nftables for ACL, lldpd, hostapd for wireless, openvswitch for bridging requirements/netflow/sflow ... The linux kernel supplies uRPF. FreeRangeRouting (a fork of Quagga) can do prefix filtering, ext-communities, etc. They have even recently implemented EVPN using VxLAN for encapsulation. port, a port between the two, an upstream port, and a downstream port.
-- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
participants (4)
-
Ahad Aboss -
Blake Hudson -
marcel.duregards@yahoo.fr -
Raymond Burkholder