Has anyone tried a Vyatta router instead of a Cisco 7200 as BRAS for ADSL
customers?
If so, what model? Do you recommend it?
BR
Sharef
On Jul 13, 2010, at 1:34 PM, Sharef Mustafa wrote:
do you recommend it?
My comment would be that a software-based BRAS - 7200, Vyatta, et. al. - is no
longer viable in today's Internet, and hasn't been for years, due to
security/availability concerns. Same for peering/transit edge,
On 13/07/2010, at 4:50 PM, Dobbins, Roland wrote:
On Jul 13, 2010, at 1:34 PM, Sharef Mustafa wrote:
do you recommend it?
My comment would be that a software-based BRAS - 7200, Vyatta, et. al. - is
no longer viable in today's Internet, and hasn't been for years, due to
My comment would be:
That is simply matter of opinion and opinions may be swayed depending on the
market that signs your check? :)
There have been a fair share of appliance bugs/sec vulnerabilities over the
years as well.
I agree software-based deployments have their flaws but I do not agree
On Jul 13, 2010, at 3:00 PM, khatfi...@socllc.net wrote:
I agree software-based deployments have their flaws but I do not agree that
it cannot be managed securely with comparable or exceeding uptime -vs- a drop
in appliance. I firmly believe it has its place in 'today's internet'.
When a
Hi
I'm working on a solution to offload my current internet facing, and soon
to be backbone, routers from terminating IBGP sessions from aggregation
network routers. I currently have 4948s (pizza box version of the
cat4500) in place, mostly bridging traffic, but some routing (OSPF,
couple dozen
On the subject of route reflection, I've run into a few people happy with
Quagga or openBGPd on intel hardware. You can throw a 1U box together with
dual PSUs, a bunch of ram, and SSD/CF disks for far less than a C or J setup
and won't be wasting money on ASICs you aren't using. If I recall
On 2010.07.13 10:06, Jack Carrozzo wrote:
On the subject of route reflection, I've run into a few people happy with
Quagga or openBGPd on intel hardware. You can throw a 1U box together with
dual PSUs, a bunch of ram, and SSD/CF disks for far less than a C or J setup
and won't be wasting money
On 13 Jul 2010, at 15:06, Jack Carrozzo wrote:
On the subject of route reflection, I've run into a few people happy with
Quagga or openBGPd on intel hardware. You can throw a 1U box together with
dual PSUs, a bunch of ram, and SSD/CF disks for far less than a C or J setup
and won't be
On 7/13/2010 2:56 AM, Truman Boyes wrote:
On 13/07/2010, at 4:50 PM, Dobbins, Roland wrote:
On Jul 13, 2010, at 1:34 PM, Sharef Mustafa wrote:
do you recommend it?
My comment would be that a software-based BRAS - 7200, Vyatta, et. al. - is no
longer viable in today's
On 7/13/2010 4:53 AM, Dobbins, Roland wrote:
On Jul 13, 2010, at 3:00 PM, khatfi...@socllc.net wrote:
I agree software-based deployments have their flaws but I do not agree that it
cannot be managed securely with comparable or exceeding uptime -vs- a drop in
appliance. I firmly believe
They are all software based, no matter who builds them. Cisco IOS,
Juniper JunOS, etc.
controlling hardware asic's and fpga's.
-g
On Jul 13, 2010, at 11:11 AM, Greg Whynott wrote:
They are all software based, no matter who builds them. Cisco IOS,
Juniper JunOS, etc.
controlling hardware asic's and fpga's.
Which are in essence software burned into chips. They can provide some
acceleration, but will the next
On Tuesday, July 13, 2010 11:11:57 am Greg Whynott wrote:
They are all software based, no matter who builds them. Cisco IOS,
Juniper JunOS, etc.
controlling hardware asic's and fpga's.
That run low level software microcode and bitstreams. Sorry, it's software
running those ASIC's and
On 7/13/2010 11:11 AM, Greg Whynott wrote:
They are all software based, no matter who builds them. Cisco IOS,
Juniper JunOS, etc.
controlling hardware asic's and fpga's.
In a PIX, it's a Pentium 4. I've also been in other routers that use
PowerPC. It depends on the
On Tuesday, July 13, 2010 04:53:55 am Dobbins, Roland wrote:
When a single botted/misbehaving host easily can take down a software-based
BRAS, that's a pretty strong indication that software-based edge devices are
contraindicated, heh.
I'm assuming you have data on that assertion, right?
My comment would be that a software-based BRAS - 7200, Vyatta, et.
al. - is no longer viable in today's Internet, and hasn't been for
years, due to security/availability concerns. Same for peering/
transit edge, customer aggregation edge, et. al.
A low cost 7200 or ERX-310 would
On Jul 13, 2010, at 10:58 PM, Joe Greco wrote:
It's interesting. One can get equally militant and say that hardware based
routers are irrelevant in many applications.
When BCPs are followed, they don't tend to fall over the moment someone hits
them with a few kpps of packets - which
Sorry, it's software running those ASIC's and FPGA's, even at that level
Sorry .. It's a clock that runs ASIC's and FPGA's
HDL is simply used to describe functionality before synthesis tools
translate the design into real hardware (gates and wires)
- Original Message -
From: Lamar
On Tue, 13 Jul 2010 23:31:25 +0700, Christian Chapman said:
Sorry, it's software running those ASIC's and FPGA's, even at that level
Sorry .. It's a clock that runs ASIC's and FPGA's
And how many clockless CPU's have we seen so far?
--- rdobb...@arbor.net wrote:
When BCPs are followed, they don't tend to fall over the moment someone hits
them with a few kpps of packets - which should be a key criteria for an edge
device.
---
I'm guessing a few kpps of packets is
I haven't done real world testing with Vyatta but we consistently pass 750KPPS+
without the slightest hiccup on our FreeBSD routing systems.
Correct hardware with the right configuration can make all of the difference.
-Original Message-
From: Dobbins, Roland rdobb...@arbor.net
Date:
On Jul 14, 2010, at 12:39 AM, khatfi...@socllc.net khatfi...@socllc.net
wrote:
I haven't done real world testing with Vyatta but we consistently pass
750KPPS+ without the slightest hiccup on our FreeBSD routing systems.
750kpps packeting the box itself?
Also, note that kpps is a small
On Jul 14, 2010, at 12:31 AM, Scott Weeks wrote:
I'm guessing a few kpps of packets is tongue-in-cheek? Entry level script
kiddies can get to a few hundred kpps easily.
That's what I meant - even a very small botnet can easily overwhelm
software-based edge routers.
Joe Greco wrote:
This isn't a new issue. Quite frankly, software routers have some very
great strengths, and also some large weaknesses.
Advocates of hardware based solutions frequently gloss over their own
weaknesses.
Let's talk plainly here.
I'm not going to touch on things like Cisco's
On Jul 14, 2010, at 1:02 AM, Matthew Kaufman wrote:
Dangerous in places where forwarding table
exceeds hardware cache limits. (See Code Red worm stories)
During the Code Red/Nimda period (2001), and on into the Slammer/Blaster/Nachi
period (2003), all the routers I personally know of which
Routing.
We can route that. If it were targeting the box itself it would depend if the
attack were getting through.
Certainly iptables can't handle something like that but pf does well with high
PPS rates. If it were all 'DROP' traffic then likely higher. If it were hitting
the box directly
On Jul 14, 2010, at 1:29 AM, khatfi...@socllc.net wrote:
We were talking about routing though.
I was talking about packeting the boxes directly, apologies for being unclear -
that's what I meant when I said that the era of software-based edge boxes is
long past.
In that case you are entirely accurate. If you were to use Vyatta
(linux-based) systems for this then you would likely need additional
infrastructure to firewall or zone it to ensure it can't be hit directly.
Depending on what all it has running and the configuration it could be
firewalled
On 13/07/2010 16:07, Curtis Maurand wrote:
On 7/13/2010 4:53 AM, Dobbins, Roland wrote:
When a single botted/misbehaving host easily can take down a
software-based BRAS, that's a pretty strong indication that
software-based edge devices are contraindicated, heh.
Software-based edge devices
Hi folks,
On Jul 13, 2010, at 12:05 PM, Nick Hilliard wrote:
I think Roland's point was that on hardware routers, there is a
separation of function between the control and the forwarding planes, and
that the forwarding plane is designed to be able to transmit data in an
efficient parallel
On Tue, 13 Jul 2010 18:11:45 -, Dobbins, Roland said:
During the Code Red/Nimda period (2001), and on into the Slammer/Blaster/Nachi
period (2003), all the routers I personally know of which were adversely
affected were software-based, didn't make use of ASICs for forwarding.
Cisco
On Tuesday, July 13, 2010 03:02:21 pm khatfi...@socllc.net wrote:
In that case you are entirely accurate. If you were to use Vyatta
(linux-based) systems for this then you would likely need additional
infrastructure to firewall or zone it to ensure it can't be hit directly.
Much like COPP
--- On Tue, 7/13/10, valdis.kletni...@vt.edu valdis.kletni...@vt.edu wrote:
I wasn't aware that the 7206 and M20 classified as
software-based.
No weasel words necessary.
I won't speak for the M20, but I've always thought of the 7206 as a
software-routing platform - it's a pretty good
On 7/13/10 10:56 AM, Dobbins, Roland wrote:
On Jul 14, 2010, at 12:39 AM, khatfi...@socllc.net
khatfi...@socllc.net wrote:
I haven't done real world testing with Vyatta but we consistently
pass 750KPPS+ without the slightest hiccup on our FreeBSD routing
systems.
750kpps packeting the
I think the issue, is that don't expect to build your own router using
linux/bsd etc..
There are too many kernel parameters to tweak to make it optimal (unless a
suboptimal router is ok with your environment)
You need people that understand network and the appliance they sell you.
Why Cisco
On Tuesday, July 13, 2010 12:31:25 pm Christian Chapman wrote:
Sorry, it's software running those ASIC's and FPGA's, even at that level
Sorry .. It's a clock that runs ASIC's and FPGA's
HDL is simply used to describe functionality before synthesis tools
translate the design into real hardware
On Jul 13, 2010, at 10:58 PM, Joe Greco wrote:
It's interesting. One can get equally militant and say that hardware based
routers are irrelevant in many applications.
When BCPs are followed, they don't tend to fall over the moment someone hits
them with a few kpps of packets -
On Jul 14, 2010, at 3:26 AM, Tony Li wrote:
The whole point about being DoS resistant is one of horsepower. To do DoS
protection correctly, you need to be able to do packet examination at line
rate.
Right. And to date, such routers make use of ASICs - i.e., 'hardware-based'
routers, in
On Jul 14, 2010, at 4:03 AM, valdis.kletni...@vt.edu wrote:
I wasn't aware that the 7206 and M20 classified as software-based.
7200 certainly is - I'm not familiar with the minutiae of Juniper boxes, but I
believe the M20 is hardware-based. In the classic report you cite, the issue
with the
On 14/07/10 02:18 +, Dobbins, Roland wrote:
On Jul 14, 2010, at 3:26 AM, Tony Li wrote:
The whole point about being DoS resistant is one of horsepower. To do
DoS protection correctly, you need to be able to do packet examination
at line rate.
Right. And to date, such routers make use
On Jul 14, 2010, at 5:45 AM, Joe Greco wrote:
That's just a completely ignorant statement to make.
It's based on a great deal of real-world experience; I'm sorry you consider
that to be 'ignorant'.
I notice in particular how carefully you qualify that with [w]hen BCPs are
followed; the
On Jul 14, 2010, at 9:31 AM, Dan White wrote:
has the appearance of you struggling to hold on to an idea that may have been
more true in the past,
It's true today, and I'm not 'struggling to hold' onto anything. Take any
software-based router from Cisco or Juniper or whomever (if Juniper