NPE-G2 vs. Sup720-3BXL
Adam Armstrong
lists at memetic.org
Thu May 21 08:55:45 UTC 2009
Julio Arruda wrote:
> Steve Dalberg wrote:
>> 2009/5/18 Adam Armstrong <lists at memetic.org>:
>>> David Storandt wrote:
>>>> We're stuck in an engineering pickle, so some experience from this
>>>> crew would be useful in tie-breaking...
>>>>
>>>> We operate a business-grade FTTx ISP with ~75 customers and 800Mbps of
>>>> Internet traffic, currently using 6509/Sup2s for core routing and port
>>>> aggregation. The MSFC2s are under stress from 3x full route feeds,
>>>> pared down to 85% to fit the TCAM tables. One system has a FlexWAN
>>>> with an OC3 card and it's crushing the CPU on the MSFC2. System tuning
>>>> (stable IOS and esp. disabling SPD) helped a lot but still doesn't
>>>> have the power to pull through. Hardware upgrades are needed...
>>>>
>>>> We need true full routes and more CPU horsepower for crunching BGP
>>>> (+12 smaller peers + ISIS). OC3 interfaces are going to be mandatory,
>>>> one each at two locations. Oh yeah, we're still a larger startup
>>>> without endless pockets. Power, rack space, and SmartNet are not
>>>> concerns at any location (on-site cold spares). We may need an
>>>> upstream OC12 in the future but that's a ways out and not a concern
>>>> here.
>>>>
>>>> Our engineering team has settled on three $20k/node options:
>>>> - Sup720-3BXLs with PS and fan upgrades
>>>> - Sup2s as switches + ISIS + statics and no BGP, push BGP edge routing
>>>> off to NPE-G2s across a 2-3Gbps port-channel
>>>> - Sup2s as switches + ISIS + statics and no BGP, push BGP edge routing
>>>> off to a 12008 with E3 engines across a 2-3Gbps port-channel.
>>>>
>>> Have a look at the ASR1002 + ESP5/10G
>>>
>>> Stable for BGP+ISIS as far as our experience goes.
>>>
>>> adam.
>>>
>>>
>>
>> ASR1002 + ESP5 was great for OSPF + BGP. 450M+ of traffic for me at
>> peek (proc at1-2%)
>>
>
> Any experience in how much more resilient is the ASR compared with
> 7600/6500, DDoS-wise :-) ?
> And compared with NPE-G2 ?
> And in terms of CoPP and etc ?
The ASR's Quantum Flow processors scale quite unpredictably depending
upon features, apparently, so it's difficult to say.
I'm expecting 5-7Gbps on the ESP10 with my usage (no complex features in
use, just forwarding and Netflow), though I've little data to base that
on. (ESP on one device currently reports 2-3% usage at ~200Mbit). It'll
handle a DDoS much, much, much better than a 7201/NPE-G1, but much,
much, much worse than a 65/7500 (even without DFCs).
We use several ASRs with one at each entry point to the network (each
transit provider / peering exchange) to spread potention DDoS across a
lot of processors, that approach is working well for us at the moment.
Our only real issue is that the Netflow implementation on the ASRs seems
to be a little 'sensitive' to configuration changes and sometimes just
stops exporting flows.
adam.
More information about the NANOG
mailing list