Advice regarding Cisco/Juniper/HP

Brent Jones brent at
Mon Jun 21 20:18:41 UTC 2010

On Sat, Jun 19, 2010 at 7:52 AM, Pavel Skovajsa
<pavel.skovajsa at> wrote:
> To emphasise more this subject, the technical support HP Procurve is
> providing (for free) is more consumer level and in my opinion is one of the
> key differentiators from teams like Cisco TAC. Here is a short laundry list
> of my experience:
Trimming your post, apologies
> -pavel skovajsa

I would have to agree with your points. We have about a dozen HP
switches, mostly 3500YL's performing light layer3 duties, and
migrating to some 10Gbit modules for the access layer.
We have had several issues with packet loss on the HP's, in particular
a bug more than 2 years old and still unresolved on the 2600's, 2900's
and 3500's:
When you SSH into those models of HP switches, the SSH negotiation
uses 100% of the host processor, and will block out pings, and upper
layer services such as OSPF and VRRP. A single SSH session won't
likely make an impact, but we have some monitoring applications that
hit SSH frequently, and can 100% reliably freeze those models of HP
switches with just 2-3 SSH login attempts.
Imagine that, a switch that will lock up when SSH'ing to it, fun, isn't
it? We had to rethink some of our extended monitoring for the HP's; we
originally wanted to use SNMP, but their provided MIB files are
formatted so badly only HP Openview will read them without a lot of

Next is 10Gb. We bought their new SFP+ 10Gb modules for the 3500YL's,
and for more than 6 months, they didn't have any stable firmware to
support those modules. They would send us engineering builds of the
firmware with massive regressions and new bugs. It was until June 10th
or so when they officially released firmware for the 10Gb SFP+ modules
for the 3500's.

While the HP CLI is different than Cisco's, it is easy to use and will
be familiar to anyone with about a day of learning the differences,
however the CLI is also limited as you said. Debug and troubleshooting
output is almost non-existent, I don't believe their programmers had
any idea of what a production level network wants to see. Their fiber
interfaces do not expose any SNR, transmit power, heat, or load to the
CLI or any management software. So if you are fiber heavy, to diagnose
anything be prepared to take down links to gather even the most basic
information with separate troubleshooting hardware.

All in all, if you have a small network, maybe half a dozen switches,
require no stacking, no fiber, and no 10Gb on a large scale, HP will
work. But as far as being affordable, their licensing costs for OSPF
and VRRP are insane. You'd be better off paying slightly more at that
point and going with Juniper or Cisco.

To the OP, I lost the fight with our head of IT on the HP vs. others
on networking, and I deeply regret it. If you are already familiar
with Juniper and Cisco, pick your favorite and do not use HP.

Brent Jones
brent at

More information about the NANOG mailing list