On Friday 27 February 2009 11:08:12 pm Rick Ernst wrote: > - What device would you use for upstream/core > connectivity that would be able to withstand high pps > DDoS?
Depends on: a) how much bandwidth/pps you hope to handle b) what switch fabric you have We don't like giving vendors "free" money, so... If I had to guess, I'd say, from Cisco, start off with an ASR1002 for the upstream, and take it from there. From Juniper, look at the M7i here. For the core, I'd say consider an ASR1004/6 and work your way up from there. From Juniper, consider an M10i. > - What device and features would you use to terminate > hundreds of rate- limited ethernet connections? Apart from 802.1Q VLAN's, policers, QoS, routing protocols, e.t.c., the rest of the features depends on what you want to achieve. As for the device, again, not sure what your traffic levels are, but if you're looking at hundreds of Ethernet connections, a 7609-S from Cisco sounds good (if an ASR1006 trunked to a couple of 3560G's is out of the question). Some folk may recommend running switches as routers, but we tend to like real routers doing that... From Juniper, for hundreds of Ethernet connections, take a look at their MX480 router (if an M7i/M10i trunked to a couple of EX3200's is out of the question). Again, some folk may recommend running the EX3200's as routers, but... > Both devices would need to be able to handle full tables. Precisely why the low-end so-called "Layer 3 switches" shouldn't be run as full routers. Otherwise, the other options are good to go. Again, these are just my opinions. You probably want to study your needs more, talk to your account team, run some PoC's, e.t.c., and not pay any real attention to what I'm saying :-). Mark.
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
