Vyatta as a BRAS

Joe Greco jgreco at ns.sol.net
Thu Jul 15 15:23:15 UTC 2010


> I briefly browsed the links and I didn't see any traffic profiles included.
> 
> If you are talking about pushing x mbps with no specifics and/or general 
> traffic, I think most of us agree you can do that easily and probably 
> consistently without any issues.  And for some icing, you may even do it at 
> <90% average CPU util.  Does that mean it should be an edge device at any 
> service provider?  No.  Some?  Sure.

Those last two words are the point I've been trying to make.  If you'll
recall, Roland said flat out that that wasn't the case.

> Can you point to any specific tests of attack vectors and/or traffic 
> profiles with: CPU utilization, packet loss levels and pps/mbps/etc data? 

Not without doing the work; I have no plans to do the work for free just
to prove a point on NANOG.  I have Real Work to do.

> The reason I ask is that Roland is in a specific business and has a specific 
> point.

Sure, and I'm making the point that this point isn't universally true in
the way Roland would like to paint it.

> As a side, were those 2 VMs on the same box?  That traffic out on the wire? 
> What's the traffic profile?

Yes, no (just between vm's), just sheer UDP blasting of both the vservers
from the other (mutual attack) with ports both closed and opened.  Since
Roland's point seems to be that the availability of the platform is
impacted by an attack on the control plane (in this case, for all
reasonable intents and purposes, that would appear to be the host OS's
addresses), I didn't really feel it necessary to get particularly
complicated, and just tested the control plane availability theory.

My point is that a randomly created *virtual* machine can absorb a 
>100Mbps attack on it at minimum packet size without blinking, while
simultaneously delivering such an attack, in the spare CPU cycles of
a vm host that has dozens of hosts on it.  It's meant to suggest that
what Roland is selling includes a healthy dose of FUD; I, on the other
hand, am happy to concede that at a certain point, the hardware stuff
is going to be more effective.  It'd be nice if Roland could concede
that software-based routers have some advantages and some reasonable 
use profiles.

For example, for a provider whose entire upstream capacity is 1Gbps, I
have a hard time seeing how a Linux- or FreeBSD-based box could credibly
be claimed not to be a suitable edge router.

The problem with Roland's statement is its absoluteness; I have a much
easier side to argue, since I merely need to explain one case where the
use profile does not result in failure, and there are many to choose
from.

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.