Software-based Border Router
Nathanael C. Cariaga
nccariaga at stluke.com.ph
Sun Sep 26 05:15:20 CDT 2010
Thank you for the prompt response. Just to clarify my previous post, I was actually referring to Linux/Unix-based routers. We've been considering this solution because presently we don't have any budget for equipment acquisition this year.
To be honest, I came across Vyatta Core while searching for viable Linux/Unix-based solution that we can adopt and I'm currently reading its reference guides. Has anyone here used this software before?
Thanks a lot.
----- Original Message -----
From: sthaug at nethelp.no
To: nccariaga at stluke.com.ph
Cc: nanog at nanog.org
Sent: Sunday, September 26, 2010 5:59:21 PM
Subject: Re: Software-based Border Router
> Just want to ask if anyone here had experience deploying software-based routers to serve as perimeter / border router? How does it gauge with hardware-based routers? Any past experiences will be very much appreciated.
Software based routers (e.g. Cisco 7200 series) have been used as border
routers for many years - this is hardly anything new. The question you
should ask is probably: Can such a router handle a full link's worth of
DDoS using minimum sized packets? The answer, of course, depends on your
link capacity, the router itself, features enabled (ACLs, QoS, ...) etc.
There are quite a few people using Quagga based boxes running Linux or
FreeBSD as border routers - this is a possible solution too, giving
you more bang for the buck than a traditional software based router from
the big vendors. Make sure you have enough expertise for the relevant OS
and routing software available.
Steinar Haug, Nethelp consulting, sthaug at nethelp.no
More information about the NANOG