CPE that support 1G with BGP multihomed
Dear Nanoger,
Anyone have an advice on CPE which can support the following features, please:
1) 1 Gigabits/s ipv4 or ipv6 forwarding IMIX or Internet traffic, full duplex (not sure if Cisco or Miercom are conducting bidirectional traffic flows at the same time).
2) with ACLs and with uRPF with prefix filtering with bgp ext-communities (rfc 8092 would be a ++, but not mandatory)
3) with BGP full route, 1 eBGP session + 1 iBGP (--> multihomed, single attached solution, so there is 2 CPE connected to 2 bgp transit))
4) vrf light and SNMP + telnet/ssh with ACLs
Currently on Cisco side, we see the following candidates:
- ASR 1001-x
- ASR 1002
- ISR 4431, 4451
- ISR G2 2921 + 2951 + 3925(E) (EoL soon, so we are currently in the process of evaluating other solution).
But we would like also to include other manufacturers: Juniper, MikroTik, etc.
Thanks for your help,
- Marcel
marcel.duregards--- via NANOG wrote on 9/26/2017 4:29 AM:
Currently on Cisco side, we see the following candidates:
- ASR 1001-x
- ASR 1002
- ISR 4431, 4451
- ISR G2 2921 + 2951 + 3925(E) (EoL soon, so we are currently in the process of evaluating other solution).
Keep in mind the ASR1002 is also EoL, and only the configuration with upgraded RAM and ESP10 would meet your stated need for a full BGP table (the ESP2.5/5 does not have enough FIB memory to store the full routing table). The 1001-X offers the pay as you go model, so you may want to check with Cisco regarding FIB availability at different license price points. I believe the ASR9001 would also meet your needs; I don't have experience with the other options.
Hi Marcel,
I've personally tested similar requirements on the following:
ASR1001 - 8G RAM
ASR1001-X
ASR1002 8G RAM
with two eBGP sessions / full routes via two upstreams and multiple iBGP sessions to the core.
The ASR1K is a safe bet. The ISR G2 2921 or 2951 suffers under load if you have PBR or NAT/PAT rules.
Hope this info helps with your research and router selections.
Cheers,
Ahad
On Tue, Sep 26, 2017 at 7:29 PM, marcel.duregards--- via NANOG <nanog@nanog.org> wrote:
Dear Nanoger,
Anyone have an advice on CPE which can support the following features, please:
1) 1 Gigabits/s ipv4 or ipv6 forwarding IMIX or Internet traffic, full duplex (not sure if Cisco or Miercom are conducting bidirectional traffic flows at the same time).
2) with ACLs and with uRPF with prefix filtering with bgp ext-communities (rfc 8092 would be a ++, but not mandatory)
3) with BGP full route, 1 eBGP session + 1 iBGP (--> multihomed, single attached solution, so there is 2 CPE connected to 2 bgp transit))
4) vrf light and SNMP + telnet/ssh with ACLs
Currently on Cisco side, we see the following candidates:
- ASR 1001-x
- ASR 1002
- ISR 4431, 4451
- ISR G2 2921 + 2951 + 3925(E) (EoL soon, so we are currently in the process of evaluating other solution).
But we would like also to include other manufacturers: Juniper, MikroTik, etc.
Thanks for your help,
- Marcel
On 09/26/17 06:29, marcel.duregards--- via NANOG wrote:
Dear Nanoger,
Anyone have an advice on CPE which can support the following features, please:
I've been building CPE devices using various models from http://www.lannerinc.com. I populate with Debian Linux. I use pxeboot to autoboot into install mode with dnsmasq providing deb-install preseed build files. On the auto reboot after o/s install, I finish up with consistent, documented builds with SaltStack. This provides the necessary customized switching, routing, security, and monitoring.
Raymond Burkholder
https://blog.raymond.burkholder.net
441 705 7292
1) 1 Gigabits/s ipv4 or ipv6 forwarding IMIX or Internet traffic, full duplex (not sure if Cisco or Miercom are conducting bidirectional traffic flows at the same time).
With an FW-7543, I can iperf bidirectional 1gbps with no acl. I can get strongswan ipsec bidirectional at about 50mbps (the cpu has AES-NI). I haven't tried ipsec on devices like the FW-7573.
2) with ACLs and with uRPF with prefix filtering with bgp ext-communities (rfc 8092 would be a ++, but not mandatory)
3) with BGP full route, 1 eBGP session + 1 iBGP (--> multihomed, single attached solution, so there is 2 CPE connected to 2 bgp transit))
I've used the FW-7543 in pairs to a customer for this: a management port, a port between the two, an upstream port, and a downstream port.
I can customize configs with various combinations of VRRP, FreeRangeRouting BGP/OSPF (full routes are no problem), nftables for ACL, lldpd, hostapd for wireless, openvswitch for bridging requirements/netflow/sflow ... The linux kernel supplies uRPF. FreeRangeRouting (a fork of Quagga) can do prefix filtering, ext-communities, etc. They have even recently implemented EVPN using VxLAN for encapsulation.
4) vrf light and SNMP + telnet/ssh with ACLs
Linux kernel has VRF capabilities, or use namespaces or native containers for segregation of functions or for implementing virtual functions.
Currently on Cisco side, we see the following candidates:
- ASR 1001-x
- ASR 1002
- ISR 4431, 4451
- ISR G2 2921 + 2951 + 3925(E) (EoL soon, so we are currently in the process of evaluating other solution).
But we would like also to include other manufacturers: Juniper, MikroTik, etc.
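The reply above relies on the Linux kernel for uRPF. As an added example (not part of the thread and not any poster's code), this Python check parses `sysctl` output and reports each interface's effective `rp_filter` mode against a policy for the two-CPE layout. The interface names, the sample output and the policy are constructed assumptions.

```python
import re

# Constructed `sysctl -a` excerpt from a hypothetical Linux CPE;
# the interface names are placeholders, not taken from the thread.
SAMPLE_SYSCTL = """\
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.upstream0.rp_filter = 1
net.ipv4.conf.peer0.rp_filter = 2
net.ipv4.conf.down0.rp_filter = 1
net.ipv4.conf.mgmt0.rp_filter = 0
"""

MODES = {0: "off", 1: "strict", 2: "loose"}
LINE = re.compile(r"^net\.ipv4\.conf\.(\S+)\.rp_filter\s*=\s*([012])$")

# Assumed policy: loose where return traffic may use the other transit
# (upstream and inter-CPE ports), strict on single-homed ports.
EXPECTED = {"upstream0": 2, "peer0": 2, "down0": 1, "mgmt0": 1}


def effective_rp_filter(sysctl_text):
    """Map interface -> effective mode; the kernel uses max(all, iface)."""
    raw = {}
    for line in sysctl_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            raw[m.group(1)] = int(m.group(2))
    floor = raw.pop("all", 0)
    raw.pop("default", None)  # template for new interfaces, not a live port
    return {ifname: max(floor, mode) for ifname, mode in raw.items()}


def audit(sysctl_text, expected=EXPECTED):
    """Return (interface, effective, wanted) for every policy mismatch."""
    eff = effective_rp_filter(sysctl_text)
    findings = []
    for ifname in sorted(expected):
        got, want = eff.get(ifname), expected[ifname]
        if got != want:
            findings.append((ifname, MODES.get(got, "missing"), MODES[want]))
    return findings


if __name__ == "__main__":
    # rp_filter is IPv4-only; IPv6 source validation needs a firewall rule.
    for ifname, got, want in audit(SAMPLE_SYSCTL):
        print(f"{ifname}: effective uRPF is {got}, policy wants {want}")
```

Because the kernel takes the higher of the `all` and per-interface values, setting `all` to 2 turns every strict port into a loose one, which the audit reports as a mismatch on the single-homed ports.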
participants (4): Ahad Aboss, Blake Hudson, marcel.duregards@yahoo.fr, Raymond Burkholder