subject:"Re\: \[c\-nsp\] Internet border router recommendations and experiences"

Re: [c-nsp] Internet border router recommendations and experiences

2023-03-08 Thread Eric Louie via cisco-nsp

Phil et al, I goofed on the original email.  The Internet upstream is actually 
100Gbps.  I'm at 10G right now and about 40% utilization download on this 
particular feed.
-e-

Eric Louie
619-743-5375 Cell/text
Stay in this moment, it's the only one you really have
Take the time to be compassionate today

On Thursday, February 23, 2023 at 11:35:35 AM PST, Phil Bedard via 
cisco-nsp  wrote:  

 The original question was around an Internet border router with 10G support.  
We have devices like the 55A2-MOD-SE which is similar to some other vendor 
devices (somewhat of a reference Broadcom design) which we’ve seen be very 
popular in border router deployments where you do not need a ton of bandwidth.

XRd runs in a container with very little memory, it doesn’t always have to be 
“fat”.  In fact some of the smaller 540 systems have very little RP memory.

Thanks,
Phil

From: cisco-nsp  on behalf of Mark Tinka via 
cisco-nsp 
Date: Thursday, February 23, 2023 at 12:32 PM
To: Brian Turnbow , Gert Doering 
Cc: cisco-nsp@puck.nether.net 
Subject: Re: [c-nsp] Internet border router recommendations and experiences

On 2/23/23 19:20, Brian Turnbow wrote:
> They also seem to want to follow the same route in metro with the NCS540s and 
> this global bandwidth licensing bucket.
> You want to turn up 2x100 and 24*10 on a box?
> Buy 44 "essential right to use v1 for 10g" and all the shabangs that come 
> with it that renew every 3 years...
> Not so low cost anymore.
> They sold/sell warehouses  full of MEs/asr920s to providers yet seem to want 
> to alienate the market ...
>
> A shame

Apart from IOS XR being such a fat OS for us in the Metro, it's one of
the many reasons we rejected their offer to swap out the ASR920 with the
NCS540.

Cisco have lost the plot, IMHO. Every solution at every level of the
network is now a bulldozer searching for a tiny nail to hammer.

Mark.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Internet border router recommendations and experiences

2023-03-06 Thread Andrey Kostin via cisco-nsp

Recent Juniper licensing model called "Flex software license" can be
found here:

https://www.juniper.net/documentation/us/en/software/license/juniper-licensing-admin-guide.pdf
Sorry for the link to huge pdf, but looks like Juniper now redirects all
my bookmarked pages to this document.
In short, there are three levels: standard, advanced and premium.
Standard has very low usability, advanced covers the most of use cases,
and premium adds some icing on the cake. Standard is included with
hardware, Advanced and Premium are available as perpetual or 1-3-5 years
time based. Time-based licenses include HW support, for perpetual
conventional NBD support has to be purchased. From my estimate,
time-based licenses are little less expensive on 5 years span, but on 8
years span perpetual gets better.
High performance devices and linecards can be licensed for partial
number of 100G or 400G ports and there is a minimum number for each
product that has to be licensed.
According to the document mentioned above, subscriber services need
separate licenses, although before I was told by Juniper that Premium
license covers everything, so this is new discovery for me. There are
packages for 4,8,16,32 and 64 thousand subscribers. They are not very
expensive compared to the price of hardware.

Hope this is helpful for OP.

Kind regards,
Andrey

Mark Tinka via cisco-nsp писал(а) 2023-02-24 13:18:

On 2/24/23 19:51, Lukas Tribus via cisco-nsp wrote:

Hello,

for the unititiated, how does the licensing on a mx204 look like for
different or combined use-cases like pure IP edge, mpls layer3 and
layer2

VPNs, BNG functionality?

IIRC, BNG deployments support up to 1,000 concurrent subscribers by
default. Anything more requires a license that should be purchased and
activated on the router.

For all other non-BNG features, the license is honour-based, and may
get enforced during a TAC call.

Mark.
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-26 Thread Gert Doering via cisco-nsp

Hi,

On Sun, Feb 26, 2023 at 08:21:01PM +, Phil Bedard wrote:
> The newer software is packaged that way already, if you don?t need SMUs.  If 
> you want to customize it with SMUs and whatnot it takes a few minutes, 
> depends on your processor and storage speed of course.

The question was not so much "how long does it create the iso" but
"how long will the platform take to do 'install replace myiso.iso'",
given the abysmal filesystem performance of IOS XR.

While I generally really like XR more than XE, the "copy one image
to flash, and then reload, pointing to that image" is just much
more convenient than "have the box extract the image into a full
filesystem, waiting for that to succeed, eternities later".

(The latter is also something JunOS on EX switches really *cough*
excels at, mounting flash read-write that should be read-only, and
destroying filesystems on power-outage reloads...)

gert
-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
 Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany g...@greenie.muc.de

signature.asc
Description: PGP signature
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-26 Thread Phil Bedard via cisco-nsp

The newer software is packaged that way already, if you don’t need SMUs.  If 
you want to customize it with SMUs and whatnot it takes a few minutes, depends 
on your processor and storage speed of course.

Thanks,
Phil

On 2/26/23, 11:18 AM, "Gert Doering"  wrote:
Hi,

On Sun, Feb 26, 2023 at 02:29:13PM +, Phil Bedard wrote:
> XR for a number of years now has had the concept of a ?golden ISO?.  It?s a 
> single image either built by Cisco or customers can build their own that 
> include the base software and the SMUs in a single image.  You just issue a 
> single ?install replace myiso.iso? and that?s it.

And that takes how many hours to complete?

(But yes, that sounds like progress has been made in XR64 land)

gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
 Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany 
g...@greenie.muc.de

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-26 Thread Gert Doering via cisco-nsp

Hi,

On Sun, Feb 26, 2023 at 02:29:13PM +, Phil Bedard wrote:
> XR for a number of years now has had the concept of a ?golden ISO?.  It?s a 
> single image either built by Cisco or customers can build their own that 
> include the base software and the SMUs in a single image.  You just issue a 
> single ?install replace myiso.iso? and that?s it.

And that takes how many hours to complete?

(But yes, that sounds like progress has been made in XR64 land)

gert
-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
 Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany g...@greenie.muc.de


signature.asc
Description: PGP signature
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-26 Thread Mark Tinka via cisco-nsp




On 2/26/23 16:29, Phil Bedard wrote:

SMUs were a good idea, but not really great in practice.  Most 
customers I work with do not want to manage application level patches, 
just entire images, even in cases where they are just a process restart.


XR for a number of years now has had the concept of a “golden ISO”.  
It’s a single image either built by Cisco or customers can build their 
own that include the base software and the SMUs in a single image.  
You just issue a single “install replace myiso.iso” and that’s it.




I did not know that. But then again, we haven't used IOS XR platforms in 
a while, because we got put off.


Basically, Cisco got this wrong the first time, took advice on what 
operators wanted to make it better, but fumbled still.


We moved on.

Mark.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-26 Thread Mark Tinka via cisco-nsp




On 2/26/23 16:21, Phil Bedard wrote:

Ok well there are a number those as well. The 55A2 and newer 57C3 also 
support a number of 100G ports.


I quite don’t fully understand the “verbose architecture” comment.  
I’ve used a lot of router operating systems, Junos since 1999, SROS, 
XR, XE, you name it, and there isn’t a whole lot of difference between 
them in terms of configuration complexity and operations.  Obviously 
some just don’t have the feature set others do, but if you aren’t 
using the features then it doesn’t really matter.


There are at this point tens of thousands of NCS 540s deployed in that 
types of role, so I’m a bit curious if there was something specific in 
the config or other operations that was a show stopper issue?




It's two things specifically for us - RPL construction in IOS XR can be 
done in Junos for half the number of lines to achieve the same outcome, 
without losing sophistication.


Secondly, maintaining IOS XR (upgrades and SMU's) is too tedious.

They may seem like trivial points, but for us, they mean a lot.

It's why we still prefer IOS XE (by way of the CSR1000v) as a route 
reflector vs. Junos or IOS XR. IOS XE is far less verbose than the other 
two, in that role.


Mark.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-26 Thread Phil Bedard via cisco-nsp

SMUs were a good idea, but not really great in practice.  Most customers I work 
with do not want to manage application level patches, just entire images, even 
in cases where they are just a process restart.

XR for a number of years now has had the concept of a “golden ISO”.  It’s a 
single image either built by Cisco or customers can build their own that 
include the base software and the SMUs in a single image.  You just issue a 
single “install replace myiso.iso” and that’s it.

Thanks,
Phil

From: cisco-nsp  on behalf of Gert Doering 
via cisco-nsp 
Date: Friday, February 24, 2023 at 4:02 AM
To: Mark Tinka 
Cc: cisco-nsp@puck.nether.net 
Subject: Re: [c-nsp] Internet border router recommendations and experiences
Hi,

On Fri, Feb 24, 2023 at 05:00:52AM +0200, Mark Tinka via cisco-nsp wrote:
> For IOS XR, it's just too heavy for that sort of thing. Okay in the data
> centre where we are aggregating a ton of customers and/or Metro-E rings,
> but not out in the Metro. The Metro calls for a more agile OS. There are
> simply way too many devices to be dealing with the issue you mention,
> updating SMU's, rebooting, e.t.c., just to get a functionality and/or a
> bug fix from IOS XR.

I really do like XR, but the update hassles...  so having an "image based"
XR ("scp $new_xr.bin router:", "boot system flash $new_xr.bin", "reload")
would have been really nice.

Now, SMUs and "restart only the affected service" is a great promise, but
in all our time with the ASR9001, all we've seen is "reboot required"
or "the SMU is not compatible with using service packs".  So, "just upload
a new image, and then reload" would have had the same effect, with less
argueing with the box.

Not sure XR64 is better in that regard, no experience - we lost trust in
Cisco before the question of "successor to the 9001?  something with XR64?"
arose.

gert
--
"If was one thing all people took for granted, was conviction that if you
 feed honest figures into a computer, honest figures come out. Never doubted
 it myself till I met a computer with a sense of humor."
 Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany g...@greenie.muc.de
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-26 Thread Phil Bedard via cisco-nsp

Ok well there are a number those as well.  The 55A2 and newer 57C3 also support 
a number of 100G ports.

I quite don’t fully understand the “verbose architecture” comment.  I’ve used a 
lot of router operating systems, Junos since 1999, SROS, XR, XE, you name it, 
and there isn’t a whole lot of difference between them in terms of 
configuration complexity and operations.  Obviously some just don’t have the 
feature set others do, but if you aren’t using the features then it doesn’t 
really matter.

There are at this point tens of thousands of NCS 540s deployed in that types of 
role, so I’m a bit curious if there was something specific in the config or 
other operations that was a show stopper issue?

Thanks,
Phil

From: Mark Tinka 
Date: Thursday, February 23, 2023 at 9:58 PM
To: Phil Bedard , Brian Turnbow , Gert 
Doering 
Cc: cisco-nsp@puck.nether.net 
Subject: Re: [c-nsp] Internet border router recommendations and experiences

On 2/23/23 21:34, Phil Bedard wrote:
The original question was around an Internet border router with 10G support.   
We have devices like the 55A2-MOD-SE which is similar to some other vendor 
devices (somewhat of a reference Broadcom design) which we’ve seen be very 
popular in border router deployments where you do not need a ton of bandwidth.

I think the OP came back to clarify that they need a 100Gbps-based router.




XRd runs in a container with very little memory, it doesn’t always have to be 
“fat”.   In fact some of the smaller 540 systems have very little RP memory.

Not so much the memory footprint of the OS, but really, it's rather verbose 
architecture for high-touch areas like the Metro, for which the NCS540 was to 
replace the ASR920.

Mark.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-24 Thread Mark Tinka via cisco-nsp





On 2/24/23 19:51, Lukas Tribus via cisco-nsp wrote:


Hello,


for the unititiated, how does the licensing on a mx204 look like for
different or combined use-cases like pure IP edge, mpls layer3 and layer2
VPNs, BNG functionality?


IIRC, BNG deployments support up to 1,000 concurrent subscribers by 
default. Anything more requires a license that should be purchased and 
activated on the router.


For all other non-BNG features, the license is honour-based, and may get 
enforced during a TAC call.


Mark.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-24 Thread Lukas Tribus via cisco-nsp

Hello,


for the unititiated, how does the licensing on a mx204 look like for
different or combined use-cases like pure IP edge, mpls layer3 and layer2
VPNs, BNG functionality?

Thanks,
Lukas
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-24 Thread Aaron Gould via cisco-nsp

https://apps.juniper.net/home/port-checker/index.html

nice website to check port mix capabilities.

-Aaron

On 2/22/2023 5:06 PM, Thomas Scott via cisco-nsp wrote:

Yes - 400 Gbps throughput total If I recall correctly.

The MX204 has four rate-selectable ports that can be configured as

100-Gigabit Ethernet ports or 40-Gigabit Ethernet ports, or each port can
be configured as four 10-Gigabit Ethernet ports (by using a breakout
cable). The MX204 also has eight 10-Gigabit Ethernet ports. The four
rate-selectable ports support QSFP28 and QSFP+ transceivers, whereas the
eight 10-Gigabit Ethernet ports support SFP+ transceivers

https://www.juniper.net/documentation/us/en/hardware/mx204/topics/concept/mx204-description.html

Best Regards,
-Thomas Scott

On Wed, Feb 22, 2023 at 5:19 PM Eric Louie via cisco-nsp <
cisco-nsp@puck.nether.net> wrote:

Oh geez, I just realized I left a zero off the interface - we need 100G
interfaces both upstream (x1) and downstream (x2)
That probably changes the product choices a little bit.
Anyone with 100G Internet feeds want to let me know what you're using for
a border router? I saw one reply for Arista already.
Does the MX204 have 100GE interfaces and throughput?
-e-

Eric Louie
619-743-5375 Cell/text
Stay in this moment, it's the only one you really have
Take the time to be compassionate today

On Wednesday, February 22, 2023 at 12:43:52 PM PST, Mark Tinka
wrote:

On 2/22/23 20:29, Eric Louie wrote:

Mark, thanks. We were quoted a MX304 for the Internet edge from
Juniper. How has your experience been with it? are you 10G upstream and
downstream? Any IPS on the 10G connection?

The MX304 is not worth the money, for as long as the MX204 exists.

We tried an NCS-5501 and it was a disaster, in a word. The 10G
interface, uRPF, source-based blackholing, and routing table depth with
Cisco is a limiting factor in their product line.

Broadcom-based systems should always be looked at with one eye open,
i.e., test test test before you commit. This applies to any vendor, not
just Cisco.

Mark.

___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

--
-Aaron

___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-24 Thread Mark Tinka via cisco-nsp





On 2/24/23 11:01, Gert Doering wrote:


I really do like XR, but the update hassles...  so having an "image based"
XR ("scp $new_xr.bin router:", "boot system flash $new_xr.bin", "reload")
would have been really nice.

Now, SMUs and "restart only the affected service" is a great promise, but
in all our time with the ASR9001, all we've seen is "reboot required"
or "the SMU is not compatible with using service packs".  So, "just upload
a new image, and then reload" would have had the same effect, with less
argueing with the box.


This.

Which I don't mind in the data centre, because it's a few boxes looking 
after tons of traffic.


But in the Metro, where you have 100's - 1000's of boxes, this gets very 
painful, very quickly. That and RPL, despite its flexibility, can get 
rather rowdy in high-touch scenarios like the Metro.


Copy, save, reboot, is very attractive.

This is why we rejected the NCS540.



Not sure XR64 is better in that regard, no experience - we lost trust in
Cisco before the question of "successor to the 9001?  something with XR64?"
arose.


We stopped keeping track.

Mark.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-24 Thread Gert Doering via cisco-nsp

Hi,

On Fri, Feb 24, 2023 at 05:00:52AM +0200, Mark Tinka via cisco-nsp wrote:
> For IOS XR, it's just too heavy for that sort of thing. Okay in the data 
> centre where we are aggregating a ton of customers and/or Metro-E rings, 
> but not out in the Metro. The Metro calls for a more agile OS. There are 
> simply way too many devices to be dealing with the issue you mention, 
> updating SMU's, rebooting, e.t.c., just to get a functionality and/or a 
> bug fix from IOS XR.

I really do like XR, but the update hassles...  so having an "image based"
XR ("scp $new_xr.bin router:", "boot system flash $new_xr.bin", "reload")
would have been really nice.

Now, SMUs and "restart only the affected service" is a great promise, but
in all our time with the ASR9001, all we've seen is "reboot required"
or "the SMU is not compatible with using service packs".  So, "just upload
a new image, and then reload" would have had the same effect, with less
argueing with the box.

Not sure XR64 is better in that regard, no experience - we lost trust in
Cisco before the question of "successor to the 9001?  something with XR64?"
arose.

gert
-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
 Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany g...@greenie.muc.de

signature.asc
Description: PGP signature
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-23 Thread Hank Nussbacher via cisco-nsp


On 23/02/2023 19:32, Mark Tinka via cisco-nsp wrote:

Cisco have lost the plot, IMHO. Every solution at every level of the 
network is now a bulldozer searching for a tiny nail to hammer.


Mark.


 So well said.

-Hank
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-23 Thread Mark Tinka via cisco-nsp





On 2/23/23 21:45, Shawn L via cisco-nsp wrote:


That's one of the major reasons we're sticking with the ASR920 in metro
deployments for all it's faults.  They do silly license stuff on the 12SZ
(no bulk, make all the 10G ports work license) but once you figure out
their quirks they do work quite well.

We did just receive a 9901 (purchased 6 months ago).  It seems nice but
again, licensing.  Want to put more than 120G worth of optics, add a
license.  And reboot.  Really, reboot?  That just seems silly in this day
and age.


Exactly - the Metro will usually see 100's - 1000's of devices. IOS XE 
is nice and simple for such applications. In fact, Junos too.


For IOS XR, it's just too heavy for that sort of thing. Okay in the data 
centre where we are aggregating a ton of customers and/or Metro-E rings, 
but not out in the Metro. The Metro calls for a more agile OS. There are 
simply way too many devices to be dealing with the issue you mention, 
updating SMU's, rebooting, e.t.c., just to get a functionality and/or a 
bug fix from IOS XR.


Mark.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-23 Thread Mark Tinka via cisco-nsp




On 2/23/23 21:34, Phil Bedard wrote:

The original question was around an Internet border router with 10G 
support.   We have devices like the 55A2-MOD-SE which is similar to 
some other vendor devices (somewhat of a reference Broadcom design) 
which we’ve seen be very popular in border router deployments where 
you do not need a ton of bandwidth.




I think the OP came back to clarify that they need a 100Gbps-based router.


XRd runs in a container with very little memory, it doesn’t always 
have to be “fat”.   In fact some of the smaller 540 systems have very 
little RP memory.




Not so much the memory footprint of the OS, but really, it's rather 
verbose architecture for high-touch areas like the Metro, for which the 
NCS540 was to replace the ASR920.


Mark.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-23 Thread Shawn L via cisco-nsp

That's one of the major reasons we're sticking with the ASR920 in metro
deployments for all it's faults.  They do silly license stuff on the 12SZ
(no bulk, make all the 10G ports work license) but once you figure out
their quirks they do work quite well.

We did just receive a 9901 (purchased 6 months ago).  It seems nice but
again, licensing.  Want to put more than 120G worth of optics, add a
license.  And reboot.  Really, reboot?  That just seems silly in this day
and age.

On Thu, Feb 23, 2023 at 12:32 PM Mark Tinka via cisco-nsp <
cisco-nsp@puck.nether.net> wrote:

>
>
> On 2/23/23 19:20, Brian Turnbow wrote:
> > They also seem to want to follow the same route in metro with the
> NCS540s and this global bandwidth licensing bucket.
> > You want to turn up 2x100 and 24*10 on a box?
> > Buy 44 "essential right to use v1 for 10g" and all the shabangs that
> come with it that renew every 3 years...
> > Not so low cost anymore.
> > They sold/sell warehouses  full of MEs/asr920s to providers yet seem to
> want to alienate the market ...
> >
> > A shame
>
> Apart from IOS XR being such a fat OS for us in the Metro, it's one of
> the many reasons we rejected their offer to swap out the ASR920 with the
> NCS540.
>
> Cisco have lost the plot, IMHO. Every solution at every level of the
> network is now a bulldozer searching for a tiny nail to hammer.
>
> Mark.
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-23 Thread Phil Bedard via cisco-nsp

The original question was around an Internet border router with 10G support.   
We have devices like the 55A2-MOD-SE which is similar to some other vendor 
devices (somewhat of a reference Broadcom design) which we’ve seen be very 
popular in border router deployments where you do not need a ton of bandwidth.

XRd runs in a container with very little memory, it doesn’t always have to be 
“fat”.   In fact some of the smaller 540 systems have very little RP memory.

Thanks,
Phil

From: cisco-nsp  on behalf of Mark Tinka via 
cisco-nsp 
Date: Thursday, February 23, 2023 at 12:32 PM
To: Brian Turnbow , Gert Doering 
Cc: cisco-nsp@puck.nether.net 
Subject: Re: [c-nsp] Internet border router recommendations and experiences

On 2/23/23 19:20, Brian Turnbow wrote:
> They also seem to want to follow the same route in metro with the NCS540s and 
> this global bandwidth licensing bucket.
> You want to turn up 2x100 and 24*10 on a box?
> Buy 44 "essential right to use v1 for 10g" and all the shabangs that come 
> with it that renew every 3 years...
> Not so low cost anymore.
> They sold/sell warehouses  full of MEs/asr920s to providers yet seem to want 
> to alienate the market ...
>
> A shame

Apart from IOS XR being such a fat OS for us in the Metro, it's one of
the many reasons we rejected their offer to swap out the ASR920 with the
NCS540.

Cisco have lost the plot, IMHO. Every solution at every level of the
network is now a bulldozer searching for a tiny nail to hammer.

Mark.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-23 Thread Mark Tinka via cisco-nsp





On 2/23/23 19:20, Brian Turnbow wrote:

They also seem to want to follow the same route in metro with the NCS540s and 
this global bandwidth licensing bucket.
You want to turn up 2x100 and 24*10 on a box?
Buy 44 "essential right to use v1 for 10g" and all the shabangs that come with 
it that renew every 3 years...
Not so low cost anymore.
They sold/sell warehouses  full of MEs/asr920s to providers yet seem to want to 
alienate the market ...

A shame


Apart from IOS XR being such a fat OS for us in the Metro, it's one of 
the many reasons we rejected their offer to swap out the ASR920 with the 
NCS540.


Cisco have lost the plot, IMHO. Every solution at every level of the 
network is now a bulldozer searching for a tiny nail to hammer.


Mark.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-23 Thread Brian Turnbow via cisco-nsp

Hi

> 
> So if Cisco price themselves out of the market with their flagship Ethernet 
> box
> - the ASR9000 - that just makes it easier for customers to consider Juniper,
> Arista, Nokia, e.t.c.

They also seem to want to follow the same route in metro with the NCS540s and 
this global bandwidth licensing bucket.
You want to turn up 2x100 and 24*10 on a box? 
Buy 44 "essential right to use v1 for 10g" and all the shabangs that come with 
it that renew every 3 years...
Not so low cost anymore.
They sold/sell warehouses  full of MEs/asr920s to providers yet seem to want to 
alienate the market ...

A shame

Brian


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-23 Thread Mark Tinka via cisco-nsp





On 2/23/23 14:12, Alexandr Gurbo wrote:

For 10g speeds the best solution is a linux box and a contract with an anti 
ddos partner.


Or even a server with a hypervisor running, say, CSR1000v or vMX or vSR 
will do nicely. A little pricier than Linux, but likely worth it if you 
have a decent server and are realistic about your traffic-handling 
capabilities.




All announced Juniper MX series, Cisco ASR1k or IOS XR 9k series are very 
expensive for the initial request. Not to mention about price on licensing, 
spare parts and RMA contracts from the vendor.


I'd throw Nokia and Arista in there, and maybe even Arrcus, as well as 
consider some of their Broadcom boxes too, but only if your needs are 
mainly hauling traffic, and not advanced packet manipulation.




If you want known vendor, try review they old unsupported models from the 
second hands.


Plenty options there, but only for old gear. MX204's, ASR9000's, even 
modern ASR1000's, are not readily available on the open market. And if 
they are, as we have found, they are similarly priced as buying from the 
OEM directly.


Mark.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-23 Thread Mark Tinka via cisco-nsp





On 2/23/23 13:47, Gert Doering wrote:


Basically they have "fixed" that by making the ASR9901/9902/9903 even
more expensive.


And hence, why we consider other vendors.

I mean, the general rule for networking today, is Ethernet. Even in some 
of the most far-flung regions of the world, one would be hard-pressed to 
find TDM/PDH/SDH/SONET in any meaningful degree of presence.


So if Cisco price themselves out of the market with their flagship 
Ethernet box - the ASR9000 - that just makes it easier for customers to 
consider Juniper, Arista, Nokia, e.t.c.


Mark.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-23 Thread Gert Doering via cisco-nsp

Hi,

On Thu, Feb 23, 2023 at 09:40:26AM +0200, Mark Tinka via cisco-nsp wrote:
> The issue they face is Ethernet-centric platforms are much more 
> optimized for today's Internet, and platforms like the ASR1000 simply 
> don't make sense anymore. Why pay all that to get some Ethernet on an 
> ASR1000 when an MX240 or an ASR9000 is around?

Basically they have "fixed" that by making the ASR9901/9902/9903 even
more expensive.

gert
-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
 Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany g...@greenie.muc.de


signature.asc
Description: PGP signature
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-22 Thread Xavier Beaudouin via cisco-nsp

Hello,
 
> Which is why we just focus on Juniper and Arista right now. Cisco are
> still living in the pre-Covid era. Those good ol' days are gone, and
> unless you have the clout to command proper discounts from Cisco, you
> are losing out on better efficiencies with other vendors.

+1... As well the "smart" licensing brain damage with mandatory call 
home is also one of the reasons I rather like juniper and arista (and some
outsider that have brain damage sometime somewhere else) than Cisco.

Unfortunatly some companies have the IBM syndrome : if it is cisco and
if there is a problem, well our choice is still good...

/Xavier
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-22 Thread Mark Tinka via cisco-nsp




On 2/23/23 08:22, Hank Nussbacher via cisco-nsp wrote:



For an ASR9906 to add 4x port 100G here is the GPL pricing:

Part Number    Description    Unit List Price
A99-4HG-FLEX-TR=    ASR 9900 400GE Packet Transport Combo Line Card - 
5th Gen    271,493.78
CON-SNT-A994HGFT    SNTC-8X5XNBD ASR 9900 400GE Packet Transport Combo 
Li 87,210.25
QSFP-100G-LR4-S    100GBASE LR4 QSFP Transceiver, LC, 10km over SMF    
35,388.85


$400K GPL with 8x5xNBD support. Price for LR4 is $35K - so the $400K 
pricing is just for 1x LR4.   Very pricey.


Which is why we just focus on Juniper and Arista right now. Cisco are 
still living in the pre-Covid era. Those good ol' days are gone, and 
unless you have the clout to command proper discounts from Cisco, you 
are losing out on better efficiencies with other vendors.


Mark.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-22 Thread Mark Tinka via cisco-nsp




On 2/23/23 08:15, Hank Nussbacher via cisco-nsp wrote:



A fully licensed asr1001-hx (all 8 10G ports operational) w/ 5 years 
Cisco Smartnet support - GPL is around $220K.  Add your discount here. 
 Cheap is relative.


The ASR1000 platforms are pretty sexy, but Cisco have out-priced 
themselves from that market.


The issue they face is Ethernet-centric platforms are much more 
optimized for today's Internet, and platforms like the ASR1000 simply 
don't make sense anymore. Why pay all that to get some Ethernet on an 
ASR1000 when an MX240 or an ASR9000 is around?


Mark.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-22 Thread Hank Nussbacher via cisco-nsp


On 23/02/2023 0:19, Eric Louie via cisco-nsp wrote:

Oh geez, I just realized I left a zero off the interface - we need 100G 
interfaces both upstream (x1) and downstream (x2)
That probably changes the product choices a little bit.
Anyone with 100G Internet feeds want to let me know what you're using for a 
border router?  I saw one reply for Arista already.


For an ASR9906 to add 4x port 100G here is the GPL pricing:

Part Number Description Unit List Price
A99-4HG-FLEX-TR=	ASR 9900 400GE Packet Transport Combo Line Card - 5th 
Gen	271,493.78
CON-SNT-A994HGFT	SNTC-8X5XNBD ASR 9900 400GE Packet Transport Combo Li 
87,210.25

QSFP-100G-LR4-S 100GBASE LR4 QSFP Transceiver, LC, 10km over SMF
35,388.85

$400K GPL with 8x5xNBD support. Price for LR4 is $35K - so the $400K 
pricing is just for 1x LR4.   Very pricey.


Regards,
Hank
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-22 Thread Hank Nussbacher via cisco-nsp


On 22/02/2023 20:25, zzif via cisco-nsp wrote:

22.2.2023, 5:31, Eric Louie via cisco-nsp wrote:

For a 10G (or maybe 2x10G) Cisco ASR1001-HX is adequate, rock solid and 
relatively cheap. If you have more budget, need 100G etc. there are a 
lot of other options too.


Br,
EA


A fully licensed asr1001-hx (all 8 10G ports operational) w/ 5 years 
Cisco Smartnet support - GPL is around $220K.  Add your discount here. 
 Cheap is relative.


Regards,
Hank
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-22 Thread Mark Tinka via cisco-nsp





On 2/23/23 01:06, Thomas Scott wrote:


Yes - 400 Gbps throughput total If I recall correctly.


That's right - it's basically an MPC7E line card with a-third of the 
capacity, i.e., 1x 3rd generation Trio chip (Eagle).


Mark.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-22 Thread Mark Tinka via cisco-nsp




On 2/23/23 00:19, Eric Louie wrote:

Oh geez, I just realized I left a zero off the interface - we need 
100G interfaces both upstream (x1) and downstream (x2)


That probably changes the product choices a little bit.

Anyone with 100G Internet feeds want to let me know what you're using 
for a border router?  I saw one reply for Arista already.


Does the MX204 have 100GE interfaces and throughput?


For 100Gbps peering and transit, we have moved way from the MX480 to the 
MX204. This makes sense for us because we separate peering and transit, 
and you don't need a massive chassis to handle all of this if you peer 
or pick up transit in 2 or more locations.


Mark.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-22 Thread Thomas Scott via cisco-nsp

Yes - 400 Gbps throughput total If I recall correctly.

> The MX204 has four rate-selectable ports that can be configured as
100-Gigabit Ethernet ports or 40-Gigabit Ethernet ports, or each port can
be configured as four 10-Gigabit Ethernet ports (by using a breakout
cable). The MX204 also has eight 10-Gigabit Ethernet ports. The four
rate-selectable ports support QSFP28 and QSFP+ transceivers, whereas the
eight 10-Gigabit Ethernet ports support SFP+ transceivers

https://www.juniper.net/documentation/us/en/hardware/mx204/topics/concept/mx204-description.html

Best Regards,
-Thomas Scott


On Wed, Feb 22, 2023 at 5:19 PM Eric Louie via cisco-nsp <
cisco-nsp@puck.nether.net> wrote:

> Oh geez, I just realized I left a zero off the interface - we need 100G
> interfaces both upstream (x1) and downstream (x2)
> That probably changes the product choices a little bit.
> Anyone with 100G Internet feeds want to let me know what you're using for
> a border router?  I saw one reply for Arista already.
> Does the MX204 have 100GE interfaces and throughput?
> -e-
>
> Eric Louie
> 619-743-5375 Cell/text
> Stay in this moment, it's the only one you really have
> Take the time to be compassionate today
>
>
> On Wednesday, February 22, 2023 at 12:43:52 PM PST, Mark Tinka
>  wrote:
>
>
>
>  On 2/22/23 20:29, Eric Louie wrote:
>
>
>Mark, thanks.  We were quoted a MX304 for the Internet edge from
> Juniper.  How has your experience been with it?  are you 10G upstream and
> downstream?  Any IPS on the 10G connection?
>
>  The MX304 is not worth the money, for as long as the MX204 exists.
>
>
>
>
>   We tried an NCS-5501 and it was a disaster, in a word.  The 10G
> interface, uRPF, source-based blackholing, and routing table depth with
> Cisco is a limiting factor in their product line.
>
>  Broadcom-based systems should always be looked at with one eye open,
> i.e., test test test before you commit. This applies to any vendor, not
> just Cisco.
>
>  Mark.
>
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-22 Thread Eric Louie via cisco-nsp

Oh geez, I just realized I left a zero off the interface - we need 100G 
interfaces both upstream (x1) and downstream (x2)
That probably changes the product choices a little bit.
Anyone with 100G Internet feeds want to let me know what you're using for a 
border router?  I saw one reply for Arista already.  
Does the MX204 have 100GE interfaces and throughput?
-e-

Eric Louie
619-743-5375 Cell/text
Stay in this moment, it's the only one you really have
Take the time to be compassionate today
 

On Wednesday, February 22, 2023 at 12:43:52 PM PST, Mark Tinka 
 wrote:  
 
   
 
 On 2/22/23 20:29, Eric Louie wrote:
 
  
   Mark, thanks.  We were quoted a MX304 for the Internet edge from Juniper.  
How has your experience been with it?  are you 10G upstream and downstream?  
Any IPS on the 10G connection?   
 
 The MX304 is not worth the money, for as long as the MX204 exists.
 
 
 
   
  We tried an NCS-5501 and it was a disaster, in a word.  The 10G interface, 
uRPF, source-based blackholing, and routing table depth with Cisco is a 
limiting factor in their product line.   
 
 Broadcom-based systems should always be looked at with one eye open, i.e., 
test test test before you commit. This applies to any vendor, not just Cisco.
 
 Mark.
   
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-22 Thread Mark Tinka via cisco-nsp




On 2/22/23 20:29, Eric Louie wrote:

Mark, thanks.  We were quoted a MX304 for the Internet edge from 
Juniper.  How has your experience been with it?  are you 10G upstream 
and downstream?  Any IPS on the 10G connection?


The MX304 is not worth the money, for as long as the MX204 exists.




We tried an NCS-5501 and it was a disaster, in a word.  The 10G 
interface, uRPF, source-based blackholing, and routing table depth 
with Cisco is a limiting factor in their product line.


Broadcom-based systems should always be looked at with one eye open, 
i.e., test test test before you commit. This applies to any vendor, not 
just Cisco.


Mark.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-22 Thread zzif via cisco-nsp

22.2.2023, 21:02, Eric Louie wrote:

For a single 10G connection maybe even ASR1001-X, which is a really 
cheap and capable option. If you need more than four 10GE ports then 
there is ASR1002-HX, but I would go with the ASR9900 series after that.

Br,
EA

Is there any other platform in the ASR 1k family that supports 10G 
interfaces and (can be licensed for) 10G throughput and 4M routes?

I'll go look at the ASR-1001HX (is it still being sold?)

-e-

Eric Louie
619-743-5375 Cell/text
Stay in this moment, it's the only one you really have
Take the time to be compassionate today

On Wednesday, February 22, 2023 at 10:25:37 AM PST, zzif via cisco-nsp 
 wrote:

22.2.2023, 5:31, Eric Louie via cisco-nsp wrote:

For a 10G (or maybe 2x10G) Cisco ASR1001-HX is adequate, rock solid and
relatively cheap. If you have more budget, need 100G etc. there are a
lot of other options too.

Br,
EA

> Hi folks
> Recommendations and your experiences with an Internet border router 
for a 10G Internet connection, with DDoS service and unicast reverse 
path forwarding. Brand and model requested, if you have it, and bad 
experiences are ok, too.

>
>
> -e-
>
> Eric Louie
> 619-743-5375 Cell/text
> Stay in this moment, it's the only one you really have
> Take the time to be compassionate today
> ___
> cisco-nsp mailing list cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-22 Thread Nick Hilliard via cisco-nsp


Eric Louie via cisco-nsp wrote on 22/02/2023 18:29:

Mark, thanks.  We were quoted a MX304 for the Internet edge from
Juniper.  How has your experience been with it?  are you 10G upstream
and downstream?  Any IPS on the 10G connection?

Eric,

you're mixing up DFZ routing capability with traffic inspection.  If you 
need IPS functionality on top of exterior routing capability, then you 
need to get a router for routing and a firewall for the stateful content 
inspection.  If you want DDOS protection, then you need to think about 
how you want to approach this, e.g. upstream blackholing, DDOS 
mitigation service with GRE return path, or dropping traffic on the box 
using urpf (but that only gets you as much DDOS sinking capacity as the 
sum of your upstreams, so you'd need to question whether this was a 
useful approach).


NCS-5501 is an ok platform if you stay within its limitations. Lots of 
good use cases, but it's not really suitable for dfz functionality.


I'd concur with Mark's recommendation of Juniper MX204 as a 10G edge 
routing platform. MX304 is overkill for this application. The equivalent 
Cisco box for this market segment is the ASR9902, which is not cost 
competitive to the MX204.


Nick
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-22 Thread Eric Louie via cisco-nsp

Is there any other platform in the ASR 1k family that supports 10G interfaces 
and (can be licensed for) 10G throughput and 4M routes?
I'll go look at the ASR-1001HX (is it still being sold?)
-e-

Eric Louie
619-743-5375 Cell/text
Stay in this moment, it's the only one you really have
Take the time to be compassionate today
 

On Wednesday, February 22, 2023 at 10:25:37 AM PST, zzif via cisco-nsp 
 wrote:  
 
 22.2.2023, 5:31, Eric Louie via cisco-nsp wrote:

For a 10G (or maybe 2x10G) Cisco ASR1001-HX is adequate, rock solid and 
relatively cheap. If you have more budget, need 100G etc. there are a 
lot of other options too.

Br,
EA

> Hi folks
> Recommendations and your experiences with an Internet border router for a 10G 
> Internet connection, with DDoS service and unicast reverse path forwarding. 
> Brand and model requested, if you have it, and bad experiences are ok, too.
>
>
> -e-
>
> Eric Louie
> 619-743-5375 Cell/text
> Stay in this moment, it's the only one you really have
> Take the time to be compassionate today
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-22 Thread Gert Doering via cisco-nsp

hi,

On Wed, Feb 22, 2023 at 06:29:00PM +, Eric Louie via cisco-nsp wrote:
> We tried an NCS-5501 and it was a disaster, in a word.  The 10G interface, 
> uRPF, source-based blackholing, and routing table depth with Cisco is a 
> limiting factor in their product line.

Do not forget the licensing... "extra added value", and the bazaar style
price negotiations.

gert
-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
 Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany g...@greenie.muc.de


signature.asc
Description: PGP signature
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-22 Thread Eric Louie via cisco-nsp

Mark, thanks.  We were quoted a MX304 for the Internet edge from Juniper.  How 
has your experience been with it?  are you 10G upstream and downstream?  Any 
IPS on the 10G connection?
We tried an NCS-5501 and it was a disaster, in a word.  The 10G interface, 
uRPF, source-based blackholing, and routing table depth with Cisco is a 
limiting factor in their product line.
-e-

Eric Louie
619-743-5375 Cell/text
Stay in this moment, it's the only one you really have
Take the time to be compassionate today

On Wednesday, February 22, 2023 at 08:36:31 AM PST, Mark Tinka via 
cisco-nsp  wrote:  

On 2/22/23 05:31, Eric Louie via cisco-nsp wrote:

> Hi folks
> Recommendations and your experiences with an Internet border router for a 10G 
> Internet connection, with DDoS service and unicast reverse path forwarding. 
> Brand and model requested, if you have it, and bad experiences are ok, too.

Likely to be blasphemous, but we are focusing on the Juniper MX204 for 
this type of function, going forward.

On the Cisco side, I think the ASR9902 might be the closest 
competitor... but unless things have "improved", Cisco's latest 
licensing structure is rather bitter.

Mark.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-22 Thread zzif via cisco-nsp


22.2.2023, 5:31, Eric Louie via cisco-nsp wrote:

For a 10G (or maybe 2x10G) Cisco ASR1001-HX is adequate, rock solid and 
relatively cheap. If you have more budget, need 100G etc. there are a 
lot of other options too.


Br,
EA


Hi folks
Recommendations and your experiences with an Internet border router for a 10G 
Internet connection, with DDoS service and unicast reverse path forwarding. 
Brand and model requested, if you have it, and bad experiences are ok, too.


-e-

Eric Louie
619-743-5375 Cell/text
Stay in this moment, it's the only one you really have
Take the time to be compassionate today
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-22 Thread Mark Tinka via cisco-nsp





On 2/22/23 05:31, Eric Louie via cisco-nsp wrote:


Hi folks
Recommendations and your experiences with an Internet border router for a 10G 
Internet connection, with DDoS service and unicast reverse path forwarding. 
Brand and model requested, if you have it, and bad experiences are ok, too.


Likely to be blasphemous, but we are focusing on the Juniper MX204 for 
this type of function, going forward.


On the Cisco side, I think the ASR9902 might be the closest 
competitor... but unless things have "improved", Cisco's latest 
licensing structure is rather bitter.


Mark.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-22 Thread Barry Raveendran Greene via cisco-nsp


What ever the recommendations, require the vendor to deliver test data with all 
the features working together - under load - with a ACL/FIB values that 
reflects reality.


> On Feb 21, 2023, at 19:31, Eric Louie via cisco-nsp 
>  wrote:
> 
> Hi folks
> Recommendations and your experiences with an Internet border router for a 10G 
> Internet connection, with DDoS service and unicast reverse path forwarding. 
> Brand and model requested, if you have it, and bad experiences are ok, too.
> 
> 
> -e-
> 
> Eric Louie
> 619-743-5375 Cell/text
> Stay in this moment, it's the only one you really have
> Take the time to be compassionate today
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

42 matches

Mail list logo