Force10 Gear - Opinions

Paul Wall pauldotwall at
Thu Sep 4 02:47:01 CDT 2008

On Wed, Sep 3, 2008 at 8:28 PM, Jo Rhett <jrhett at> wrote:
> For equivalent redundancy and ports, the Force10 is always cheaper - even
> just in list price. (on the E-series -- Cisco has some cheaper options than
> the S-series so I've heard - don't care)

Some food for thought, comparing apples to apples...

CH-E300-BNA8-L $35,000.00
E300 110V AC Terascale Chassis Bundle: 6-slot E300 chassis
with 400 Gb backplane, fan subsystem, 3 AC Power Supplies
(CC-E300-1200W-AC) 1 Route Processor Module (EF3), 2
Switch Fabric Modules
LC-EF3-1GE-24P $30,000.00
E300 Terascale 24-port Gigabit Ethernet line card - SFP optics
required (series EF3)
CC-E300-1200W-AC $4,000.00 E300 1200W/800W AC Power Supply
CC-E-SFM3 $12,500.00 E-Series Switch Fabric Module
LC-EF3-RPM $30,000.00 E300 Terascale Route processor module (series EF3)
** BASIC CONFIG WITH 24 GIG-E (SFP PORTS): $65000.00 (USD) **

WS-C6503-E	Catalyst 6500 Enhanced 3-slot chassis,4RU,no PS,no Fan Tray	2500
WS-SUP720-3BXL=	Catalyst 6500/Cisco 7600 Supervisor 720 Fabric MSFC3 PFC3BXL	40000
WS-X6724-SFP=	Catalyst 6500 24-port GigE Mod: fabric-enabled (Req. SFPs)	15000
WS-CAC-3000W=	Catalyst 6500 3000W AC power supply (spare)	3000
PWR-950-DC=	Spare 950W DC P/S for CISCO7603/Cat 6503	1245
WS-C6503-E-FAN=	Catalyst 6503-E Chassis Fan Tray	495
** BASIC CONFIG WITH 24 GIG-E (SFP PORTS) (not counting two bonus
ports on Sup :) 62240.00 (USD) **

Please realize that the above is list vs. list.  Cisco 6500 series
hardware is extremely popular in the secondary market, with discounts
of 80% or greater on linecards, etc. common, furthering the argument
that Cisco is the cheaper of the two solutions.

>>>> As a box designed with the enterprise datacenter in mind, the E-series
>>>> looks to be missing several key service provider features, including
>>>> MPLS and advanced control plane filtering/policing.
>>> Ah, because Cisco does either of these in hardware?
>> Yes, they do, on the s720-3B and better.
> No, they don't.  There are *no* *zero* providers doing line-speed uRPF on
> Cisco for a reason.  Stop reading, start testing.

Cisco absolutely does MPLS and control-plane policing in hardware on
the SUP720 (3B and higher), ditto uRPF.  Force10 doesn't even support
the first two last I checked!

On the subject of uRPF, it's true, Cisco's implementation is less than
ideal, and is not without caveats.  Nobody seems to get this right,
though Juniper tries the hardest.  Practically speaking, it can be
made to work just fine.  Possible solutions commonplace among larger
tier 1/2 providers include having your OSS auto-generate an inbound
access-list against a list of networks routed to the customer, or just
applying a boilerplate "don't allow bad stuff" filter on the ingress.

uRPF strict as a configuration default, on customers without possible
asymmetry (multihoming, one-way tunneling, etc.), is not a bad default.
But when the customers increase in complexity, the time might come to
relax things some.  It's certainly not a be-all-end-all.  And it's
been demonstrated time after time here that anti-spoof/bogon filtering
isn't even a factor in most large-scale attacks on the public Internet
these days.  Think massively sized, well-connected botnets.  See also
CP attacks (which, again, the F10 can't even help you with).

Drive Slow,
Paul Wall
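
The OSS-generated inbound access-list mentioned above, as an added example that is not part of the original post or any vendor's tooling: it turns the prefixes routed to one customer into an IOS-style extended ACL that permits only those sources. The function name, ACL name and prefixes are constructed for illustration, and IPv4-only input is an assumption.

```python
import ipaddress


def build_ingress_acl(acl_name, routed_prefixes):
    """Return IOS-style extended ACL lines that permit only packets whose
    source address falls inside the prefixes routed to the customer."""
    nets = []
    for text in routed_prefixes:
        # strict=True rejects entries with host bits set (e.g. 192.0.2.1/24),
        # which usually means a typo in the provisioning data.
        net = ipaddress.ip_network(text, strict=True)
        if net.version != 4:
            raise ValueError(f"IPv4 only in this example: {text}")
        nets.append(net)
    if not nets:
        # An empty list would silently produce a deny-all filter.
        raise ValueError("no routed prefixes for this customer")

    # Merge adjacent and overlapping prefixes so the ACL stays short.
    collapsed = list(ipaddress.collapse_addresses(nets))
    for net in collapsed:
        if net.prefixlen == 0:
            # A permit for 0.0.0.0/0 would disable the anti-spoof filter.
            raise ValueError("prefixes collapse to the default route")

    lines = [f"ip access-list extended {acl_name}"]
    for net in collapsed:
        # IOS ACLs take a wildcard (inverse) mask, which is the host mask.
        lines.append(f" permit ip {net.network_address} {net.hostmask} any")
    lines.append(" deny ip any any")
    return lines


if __name__ == "__main__":
    # Constructed sample: documentation prefixes standing in for the
    # networks an OSS would list as routed to one customer port.
    sample = ["198.51.100.0/25", "198.51.100.128/25",
              "203.0.113.0/24", "198.51.100.0/26"]
    print("\n".join(build_ingress_acl("CUST-EXAMPLE-IN", sample)))
```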
