vyatta for bgp

Owen DeLong owen at delong.com
Mon Sep 12 14:45:18 CDT 2011


On Sep 12, 2011, at 12:35 PM, Nick Hilliard wrote:

> On 12/09/2011 20:08, Michael K. Smith - Adhost wrote:
>> How do you come to this conclusion?  I think a software-based router for
>> enterprise level (let's say on the 1G per provider level) can handle a
>> fair amount of zorching.
> 
> I presume by "a fair amount", I presume you mean "barely any"?
> 
> At large packet sizes, an "enterprise level" router will just about handle
> a 1G DoS attack.  Thing is, bandwidth DoS / DDoS is sufficiently easy to
> pull off on a large scale that a 1G DoS is pretty easy.
> 
> Incidentally, most service providers use "enterprise level" as a by-word
> for mediocre quality kit, lacking in both stability and useful features.
> 
> Nick

In your typical enterprise environment, a 1G DoS will zorch the link long
before it zorches the router at the enterprise side.

I agree that software-based routers are not a good choice for a backbone
provider, but, for an enterprise that is dealing with <1gbps links coming
in from ≤3 providers, the difference in cost makes a software router an
attractive option in many cases.

Of course it is important to understand the limitations of the solution you
choose, but, in such an environment, a USD100,000+ ASIC based router
may be like trying to kill a mosquito with a sledge hammer.

Owen

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2105 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20110912/02d02ef4/attachment.bin>


More information about the NANOG mailing list