vyatta for bgp

Deepak Jain deepak at ai.net
Tue Sep 13 19:54:52 UTC 2011

In a message written on Mon, Sep 12, 2011 at 06:56:26PM +0000, Dobbins, Roland wrote:
> The days of public-facing software-based routers were over years ago - you need an ASIC-based edge router, else you'll end up getting zorched.

Some enterprises get MPLS L3 VPN service from their providers, and need boxes that can route packets to it and speak BGP to inject their routes.  They are not, per se, connected to the Internet, and thus won't be "zorched", at least in the sense you are using it.

Also, many enterprises get DS-3, Cable Modem, or 100M Ethernet handoffs, and won't ever get a faster "zorch" due to link speed.


Picking up on what Leo wrote:

I think the OP stated he is using less than 10M (or a few T1s or something). The term Enterprise covers a lot of ground from SMEs to LBs. 

It's important to clarify that no router is perfect and all of them are sufficiently complex beasties to fully understand your problem/solution set. 

Software routers are simpler in that almost all of their complexities lie in their CPU/bus/interrupt limitations and provided you haven't hit those limits the software can do just about anything you ask of it. 

Hardware-assisted routers are promised to move lots and lots of pps and tolerate all kinds of bad behavior -- with all kinds of caveats, like control plane policing, understanding the minutiae of their ASIC design/layout and of course various oddities in their software configurations and releases (turn this on, but not with that, if you want this feature to work). 

Without rehashing 20+ years of collective knowledge & caveats on hardware-assisted routers, smaller guys who want to test their approach to purchasing need some kind of answer better than "it depends".

Even though "it depends"  (based on total uplink speeds), here are my suggestions:

<200 mb/s a circa 2010+ software router, even talking to the internet as a whole, is probably fine, even to run BGP. You may have some weird edge cases where you can be attacked, but your pipe will probably limit you. At this level, you can also lean on your ISP to help if you get into a jam.

200mb/s to 2Gb/s , your software router may keep up, and you need to start considering hardware assisted routing and a stiff breeze could make your router fall over. More time will be required to tune your software router that could be better spent elsewhere. At the higher end of this range, your ISP is less able to help you (filter good traffic from bad) and you need to be able to do some of this in your router. Pipe speed is less of an issue and you can have badly behaved traffic that "zorches" you at far less than link speed.

2Gb/s +, your software solution is a dead duck or an accident waiting to happen. You will be victim to oddities related to inconsistent performance, jitter, and of course malicious attacks. You probably want more advanced traffic and profiling features a hardware platform allows you (at wire speed) too.  Your ISP's hardware router will only do what you ask (nicely) for your ISP to do... and even that is limited. You are basically "big enough" to manage these connections on your own and should have equipment and staff available to do so.

I just took a stab at the ranges and the concepts, only limited to the OP's context and directed at "Enterprise" customers. ISP's probably can't use these limits for their own router solution/sizing -- and we all know that ISPs vary in quality, especially at 4am when you are being DOS'd....so ymmv.


Deepak Jain

More information about the NANOG mailing list