NPE-G2 vs. Sup720-3BXL

Adam Armstrong lists at memetic.org
Thu May 21 03:55:45 CDT 2009


Julio Arruda wrote:
> Steve Dalberg wrote:
>> 2009/5/18 Adam Armstrong <lists at memetic.org>:
>>> David Storandt wrote:
>>>> We're stuck in an engineering pickle, so some experience from this
>>>> crew would be useful in tie-breaking...
>>>>
>>>> We operate a business-grade FTTx ISP with ~75 customers and 800Mbps of
>>>> Internet traffic, currently using 6509/Sup2s for core routing and port
>>>> aggregation. The MSFC2s are under stress from 3x full route feeds,
>>>> pared down to 85% to fit the TCAM tables. One system has a FlexWAN
>>>> with an OC3 card and it's crushing the CPU on the MSFC2. System tuning
>>>> (stable IOS and esp. disabling SPD) helped a lot but still doesn't
>>>> have the power to pull through. Hardware upgrades are needed...
>>>>
>>>> We need true full routes and more CPU horsepower for crunching BGP
>>>> (+12 smaller peers + ISIS). OC3 interfaces are going to be mandatory,
>>>> one each at two locations. Oh yeah, we're still a larger startup
>>>> without endless pockets. Power, rack space, and SmartNet are not
>>>> concerns at any location (on-site cold spares). We may need an
>>>> upstream OC12 in the future but that's a ways out and not a concern
>>>> here.
>>>>
>>>> Our engineering team has settled on three $20k/node options:
>>>> - Sup720-3BXLs with PS and fan upgrades
>>>> - Sup2s as switches + ISIS + statics and no BGP, push BGP edge routing
>>>> off to NPE-G2s across a 2-3Gbps port-channel
>>>> - Sup2s as switches + ISIS + statics and no BGP, push BGP edge routing
>>>> off to a 12008 with E3 engines across a 2-3Gbps port-channel.
>>>>
>>> Have a look at the ASR1002 + ESP5/10G
>>>
>>> Stable for BGP+ISIS as far as our experience goes.
>>>
>>> adam.
>>>
>>>
>>
>> ASR1002 + ESP5 was great for OSPF + BGP.  450M+ of traffic for me at
>> peek (proc at1-2%)
>>
>
> Any experience in how much more resilient is the ASR compared with 
> 7600/6500, DDoS-wise :-) ?
> And compared with NPE-G2 ?
> And in terms of CoPP and etc ?
The ASR's Quantum Flow processors scale quite unpredictably depending 
upon features, apparently, so it's difficult to say.

I'm expecting 5-7Gbps on the ESP10 with my usage (no complex features in 
use, just forwarding and Netflow), though I've little data to base that 
on. (ESP on one device currently reports 2-3% usage at ~200Mbit). It'll 
handle a DDoS much, much, much better than a 7201/NPE-G1, but much, 
much, much worse than a 65/7500 (even without DFCs).

We use several ASRs with one at each entry point to the network (each 
transit provider / peering exchange) to spread potention DDoS across a 
lot of processors, that approach is working well for us at the moment.

Our only real issue is that the Netflow implementation on the ASRs seems 
to be a little 'sensitive' to configuration changes and sometimes just 
stops exporting flows.

adam.







More information about the NANOG mailing list