CPE that support 1G with BGP multihomed

• Previous message (by thread): CPE that support 1G with BGP multihomed
• Next message (by thread): Nanog attendees are invited to Friday Lunch at the Internet Archive (in,San Francisco) and a tour...
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 09/26/17 06:29, marcel.duregards--- via NANOG wrote:
> Dear Nanoger,
>
> Anyone have an advice on CPE which can support the following features,
> please:

I've been building cpe devices using various models from 
http://www.lannerinc.com.

I populate with Debian linux:.  I use pxeboot to autoboot into install 
mode with dnsmasq providing deb-install preseed build files.  On the 
auto reboot after o/s install, I finish up with consistent, documented 
builds with SaltStack.  This provides the necessary customized 
switching, routing, security, and monitoring.

Raymond Burkholder
https://blog.raymond.burkholder.net
441 705 7292


> 1)
> 1 Gigabits/s ipv4 or ipv6 forwarding IMIX or Internet traffic, full
> duplex (not sure if cisco or miercom are conducting bidirectionals
> traffic flows at the same time).

With an FW-7543, I can iperf bidirectional 1gbps with no acl.  I can get 
strongswan ipsec bidirectional at about 50mbps (the cpu has AES-NI).  I 
havn't tried ipsec on devices like the FW-7573.

>
> 2)
> with ACLs and with uRPF
> with prefix filtering
> with bgp ext-communities (rfc 8092 would be a ++, but not mandatory)

I can customize configs with various combinations of VRRP, 
FreeRangeRouting BGP/OSPF (full routes are no problem), nftables for 
ACL, lldpd, hostapd for wireless, openvswitch for bridging 
requirements/netflow/sflow ...

The linux kernel supplies uRPF.  FreeRangeRouting (a fork of Quagga) can 
do prefix filtering, ext-communities, etc.  They have even recently 
implemented EVPN using VxLAN for encapsulation.

> 3)
> with BGP full route, 1 eBGP session + 1 iBGP  (--> multihomed, single
> attached solution, so there is 2 CPE connected to 2 bgp transit))
I've used the FW-7543 in pairs to a customer for this:  a management 
port,  a port between the two, an upstream port, and a downstream port.
> 4)
> vrf light and
> SNMP + telnet/ssh with ACLs
Linux kernel has VRF capabilities, or use namespaces or native 
containers for segregation of functions or for implementing virtual 
functions.
>
>
> Currently on Cisco side, we see the following candidates:
>
> - ASR 1001-x
> - ASR 1002
> - ISR 4431, 4451
> - ISR G2 2921 + 2951 + 3925(E)  (EoL soon, so we are currently in the
> process of evaluating other solution).
>
>
> But we would like also to include other manufacturer : juniper, mikrotik
> , etc....
>
>


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

• Previous message (by thread): CPE that support 1G with BGP multihomed
• Next message (by thread): Nanog attendees are invited to Friday Lunch at the Internet Archive (in,San Francisco) and a tour...
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]