vyatta for bgp

Jimmy Hess mysidia at gmail.com
Tue Sep 13 01:48:31 UTC 2011


On Mon, Sep 12, 2011 at 2:35 PM, Nick Hilliard <nick at foobar.org> wrote:
> I presume by "a fair amount", I presume you mean "barely any"?
> At large packet sizes, an "enterprise level" router will just about handle
> a 1G DoS attack.  Thing is, bandwidth DoS / DDoS is sufficiently easy to
[snip]
How much "zorching" a software router can take depends on a lot of factors.
If the hardware necessary to size appropriately for the link is economical
and sufficient, zorching is not the largest concern. 1G link speed and 100M
link speed offer very different worst-case scenarios; the link can be
zorched long before the router is.

A software router running in a 32-bit OS on an old Pentium 4 can take a lot
less zorching than a router running on a server with 6-core 4GHz CPUs, when
interrupt coalescing is present and utilized efficiently.

Hardware basic routers have a lower forwarding latency, which makes them
more suitable for ISP/carrier networks; the "hop delay" penalty is lower,
and jitter might be a concern on a router running a non-real-time OS such
as a vanilla Linux kernel or other OS not specially designed for the router
task, but there's otherwise nothing wrong with appropriately specc'ed
software forwarders.


One thing... the OP was asking about anyone using Vyatta for BGP.
Using Vyatta for BGP doesn't necessarily mean the Vyatta unit is actually a
device forwarding the packets... someone could be using it as a route
server, or for otherwise populating forwarding tables of other devices with
third-party next hops :-)


--
-JH



