On 2019-09-02 15:52, Baldur Norddahl wrote:

Maturity is such a subjective word. But yes there are plenty of
options for routing protocols on a Linux. Every internet exchange is
running BGP on Linux for the route server after all.

I am not recommending a server over MX204. I think MX204 is brilliant.
It is one of the cheapest options and if that is not cheap enough,
THEN the server solution is probably what you may be looking for.

You can move a lot of traffic even with an old leftover server.
Especially if you are not concerned with moving 64 bytes DDoS at line
speed, because likely you would be down anyway in that case.

As to the OPEX I would claim there are small shops that would have an
easier time with a server, because they know how to do that. They
would have only one or two routers and learning how to run JUNOS just
for that might never happen. It all depends on what workforce you
have. Network people or server guys?

Regards

Baldur



I think that such types of DDoS are much easier to solve on a server with XDP/eBPF than on an MX, and much cheaper if we are talking about the new SYN+ACK DDoS, and it is exactly the 64B DDoS case. I used multiple 82599.

From the snabbco discussion, issue #1013: "If you read Intel datasheets then the minimum packet rate they are guaranteeing is 64B for 10G (82599), 128B for 40G (XL710), and 256B for 100G (FM10K)."

But "hardware", ASIC-enabled routers such as the MX might not be better and might even need some tuning.
https://kb.juniper.net/InfoCenter/index?page=content&id=KB33477&actp=METADATA
"On summit MX204 and MX10003 platforms, the line rate frame size is 119 byte for 10/40GbE port and 95 byte for 100GbE port." Or some QFX; for example, Broadcom Tomahawk 32x100G switches only do line rate with >= 250B packets according to datasheets.
