Vyatta as a BRAS

Joe Greco jgreco at ns.sol.net
Tue Jul 13 22:45:11 UTC 2010


> On Jul 13, 2010, at 10:58 PM, Joe Greco wrote:
> > It's interesting.  One can get equally militant and say that hardware based
> > routers are irrelevant in many applications.
> 
> When BCPs are followed, they don't tend to fall over the moment someone hits
> them with a few kpps of packets - which should be a key criterion for an edge
> device.
> 
> The same can't be said of software-based devices.

That's just a completely ignorant statement to make.  I notice in
particular how carefully you qualify that with "[w]hen BCPs are 
followed"; the fact that hardware router manufacturers have declared
everything and anything that derails their bullet trains as "not a
BCP" is a perfect example of this deceptive sort of misinformation.

There are plenty of FreeBSD based devices out there that are passing
tons of traffic; almost any of them are more competent than any Cisco
router I'm aware of when hitting them directly with traffic, since 
the CPUs on your average Cisco are pretty flimsy, the CPU on a 
FreeBSD box is going to be fairly current tech, and the code on a
FreeBSD box is going to have been designed to defend against such 
attacks because things like IRC server operators often don't have 
the luxury of hiding their device management on a protected net.

The fact of the matter is that the way that most "hardware" platforms
try to survive a DoS attack against their control plane is through 
hardware filtering; to the extent that that works, it's going to be
pretty effective.  However, if we're going to allow for that, then we
have to allow the software platform to defend itself with a firewall
as well, and once you do that, on both platforms, what actually
happens in the end is that both devices can successfully defend at
gigabit speeds, but you start losing traffic because you're filling
the inbound pipe.

Or, put another way:

"When BCPs are followed, software devices don't tend to fall over the
moment someone hits them with a few Mpps of packets either."

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.
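The post above argues that a software router should be allowed the same defence a hardware platform gets from its filtering ASICs: a control-plane filter in front of the box's own services. The ruleset below is an added example, not part of the original message or of any Vyatta or sol.net configuration, showing what that looks like with pf on a FreeBSD router. The interface name, the router's own addresses, the management and BGP peer prefixes and the rate-limit numbers are all assumptions chosen for illustration; transit traffic is passed stateless so the forwarding plane never enters the state table, and only traffic addressed to the router itself is subjected to the default-deny control-plane rules. As the post itself notes, none of this helps once the attacker fills the inbound pipe; it only keeps the router's CPU from being the first thing to fall over.

```conf
# /etc/pf.conf on a FreeBSD router -- constructed example, all values assumed
ext_if = "em0"

# Addresses of the router itself (assumed); kept in a table so it can be negated safely
table <router>    { 203.0.113.1, 2001:db8::1 }
# Management stations allowed to reach SSH (assumed)
table <mgmt>      { 192.0.2.0/24 }
# Configured BGP neighbours (assumed)
table <bgp_peers> { 198.51.100.1, 198.51.100.2 }
# Sources that tripped the SSH rate limit; persists across rule reloads
table <abusers>   persist

set skip on lo0

# Forwarding plane: transit traffic is neither filtered nor tracked ("no state"),
# so a packet flood through the box costs no state-table work at all.
pass quick on $ext_if from ! <router> to ! <router> no state

# Control plane: anything addressed to the router is denied unless listed below.
block drop in on $ext_if to <router>

# Anyone already in <abusers> gets nothing, not even ICMP.
block drop in quick on $ext_if from <abusers> to <router>

# BGP only from configured peers; bound the number of sessions per peer.
pass in quick on $ext_if proto tcp from <bgp_peers> to <router> port bgp \
    flags S/SA keep state (source-track rule, max-src-states 4)

# SSH only from management prefixes, and even those are rate-limited:
# more than 5 new connections in 60 s from one source lands it in <abusers>
# and flushes its existing states.
pass in quick on $ext_if proto tcp from <mgmt> to <router> port ssh \
    flags S/SA keep state (max-src-conn-rate 5/60, overload <abusers> flush global)

# ICMP echo from anyone, but with a hard cap on total and per-source state so a
# ping flood cannot exhaust the state table.
pass in quick on $ext_if inet proto icmp to <router> icmp-type echoreq \
    keep state (max 256, source-track rule, max-src-states 8)

# Replies to the router's own outbound traffic (DNS, NTP, BGP it initiated).
pass out quick on $ext_if from <router> keep state
```

Load it with `pfctl -nf /etc/pf.conf` first to syntax-check, then `pfctl -f /etc/pf.conf`; `pfctl -t abusers -T show` lists the sources that have been locked out, and `pfctl -t abusers -T flush` clears them. Under a control-plane flood the `block drop in on $ext_if to <router>` rule is what does the work, and `pfctl -vsr` shows its packet counters climbing while the daemons behind it keep running.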