I'm already seeing several responses to this; thanks!
It may be worthwhile for me to rephrase the questions, rather than pre-selecting hardware... :) - What device would you use for upstream/core connectivity that would be able to withstand high pps DDoS? - What device and features would you use to terminate hundreds of rate- limited ethernet connections? Both devices would need to be able to handle full tables. Thanks again, On Fri, February 27, 2009 06:08, Rick Ernst wrote: > > I'm looking at a network refresh and both Cisco and Juniper are on the > radar. We are currently almost all-Cisco. The two platforms we are > looking at are the Juniper M10i and the Cisco 7606/Sup7203BXL. > > Our bandwidth needs are pretty modest; currently less than 500Mbs amd our > packet consumption is about 75,000pps. I'm currently projecting over 1Gbs > in about a year. Our existing gear (7200/7500/RSM) handles the load > fairly well, but memory on the VIPs, RSMs, and older RSPs can't handle a > full table. We also need to be able to absorb high pps DDoSes. > > Juniper seems to essentially claim that "you get whatever the platform is > spec'd for, regardless of packet size/type" at ~4-8Gbs. Cisco claims > 720Gbs (full-duplex?) and about 40Mpps on the 720 with DFC. > > Our border/core pretty much just moves packets, so I'm not too worried > about the packet handling at that level. A large portion of our customer > traffic is rate-limited/policed (hundreds of ethernet connections). > > Does anybody have any "Yeah, Juniper really does that" stories, or > experience with how packet manipulation impacts the Sup720 performance? > Essentially, what could the Sup720 handle if every packet hit the CPU? > Does the architectural difference between the Sup720 and 7200/7500 at > least somewhat mitigate CPU impact with CAR/policing? > > Thanks! > > _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
