scaling linux-based router hardware recommendations

Baldur Norddahl baldur.norddahl at gmail.com
Tue Jan 27 11:56:29 UTC 2015


I propose the hybrid solution:

A device such as the ZTE 5960e with 24x 10G and 2x 40G will set you back
about USD 6000.

This thing can do MPLS and L3 equal-cost multipath routing. With that you
can load balance across as many software routers as you need.

It also speaks BGP and can accept about 10k routes. So maybe you could
consider whether the full table is really worth it.

It would be possible to have your software router speak BGP with the
neighbors and use the next hop to direct the traffic directly to the
switch, or use proxy ARP if the peer does not want to allow you to specify
a different next hop than the BGP speaker. This way your software router is
only moving outgoing packets. Inbound packets will never go through the
computer, but will instead be delivered directly to the correct destination
by hardware switching.

If you are an ISP, you will often have more inbound traffic, so this is
very useful. Also, the weak point of the software router is denial of
service attacks with small packets. The attacks are likely from outside
your network, so your software router will not need to route them.

We need someone to code a BGP daemon that will export the 5k most used
routes to the switch. This way you can have the switch deliver the majority
of the traffic directly to your peers.

If you are a service provider, much of your traffic is outbound. Put your
servers or multiple routers/firewalls on the same VLAN as your transit.
Then add static host routes for the next hop on all servers. This way you
can have as many servers as you need to deliver traffic directly. You can
run iBGP on all the servers, so every server knows how to route outbound by
itself. MPLS would also be useful for this instead of VLANs, but there is
no good MPLS implementation for Linux.

Regards,

Baldur
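The "export the most used routes to the switch" daemon sketched in the post
has one non-obvious requirement: the switch does longest-prefix match on a
partial FIB, so installing a hot covering prefix without the more-specifics
it covers would send the more-specifics' traffic to the wrong peer. The
following is an added example (not code from the post or from any NANOG
participant) of the selection step only, in Python: it ranks prefixes by a
constructed per-prefix byte counter, bundles each chosen prefix with its
more-specifics from a constructed slice of the table, reserves one slot for
a default route to the software router, and renders the result as
ExaBGP-style announce lines (the line format is assumed here, not taken
from the post). The addresses, table and counters are all made up.

```python
"""Pick the hottest prefixes from a full BGP table for offload to a
hardware switch with a small FIB, keeping the partial FIB consistent.

Added example, not code from the original post. The table, the traffic
counters and every address below are constructed for illustration.
"""
import ipaddress

# Constructed slice of a full table: prefix -> next hop (a transit/peer
# router on the shared VLAN). The covering /16 and its more-specific /24
# deliberately point at different peers.
FULL_TABLE = {
    "198.51.100.0/24": "203.0.113.1",
    "10.0.0.0/16":     "203.0.113.1",
    "10.0.1.0/24":     "203.0.113.2",
    "172.16.0.0/12":   "203.0.113.2",
    "192.0.2.0/24":    "203.0.113.3",
}

# Constructed per-prefix byte counters, as a flow collector would produce
# after mapping sampled flows onto the RIB.
TRAFFIC_BYTES = {
    "10.0.0.0/16":     9_000_000,
    "172.16.0.0/12":   5_000_000,
    "198.51.100.0/24": 3_000_000,
    "192.0.2.0/24":       10_000,
    "10.0.1.0/24":             0,
    "203.0.113.0/24":      1_000,  # not in the table: must be ignored
}

SOFTWARE_ROUTER = "203.0.113.254"  # hypothetical address of the Linux router


def more_specifics(prefix, table):
    """All table prefixes strictly inside `prefix` (same address family)."""
    net = ipaddress.ip_network(prefix)
    return [q for q in table
            if q != prefix
            and ipaddress.ip_network(q).version == net.version
            and ipaddress.ip_network(q).subnet_of(net)]


def select_offload(table, traffic, fib_size, software_router):
    """Greedy top-N selection; returns prefix -> next hop for the switch.

    One slot is reserved for a default route to the software router, so
    anything not offloaded still has a path. A prefix is only installed
    together with every more-specific it covers; if that bundle does not
    fit in the remaining budget the prefix is skipped and the next hottest
    one is tried.
    """
    fib = {"0.0.0.0/0": software_router}
    budget = fib_size - len(fib)
    ranked = sorted((p for p in traffic if p in table),
                    key=lambda p: (-traffic[p], p))
    for p in ranked:
        if budget <= 0:
            break
        if p in fib:
            continue  # already pulled in as a more-specific of a hotter prefix
        bundle = [p] + [q for q in more_specifics(p, table) if q not in fib]
        if len(bundle) > budget:
            continue
        for q in bundle:
            fib[q] = table[q]
        budget -= len(bundle)
    return fib


def lookup(fib, address):
    """Longest-prefix match the way the switch would, over the partial FIB."""
    addr = ipaddress.ip_address(address)
    best = None
    for prefix, nh in fib.items():
        net = ipaddress.ip_network(prefix)
        if net.version == addr.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, nh)
    return best[1] if best else None


def render_announcements(fib):
    """ExaBGP-style text API lines (format assumed for illustration)."""
    def order(item):
        net = ipaddress.ip_network(item[0])
        return (net.version, net)
    return [f"announce route {p} next-hop {nh}"
            for p, nh in sorted(fib.items(), key=order)]


if __name__ == "__main__":
    fib = select_offload(FULL_TABLE, TRAFFIC_BYTES, 4, SOFTWARE_ROUTER)
    for line in render_announcements(fib):
        print(line)
    for dst in ("10.0.1.5", "10.0.2.5", "192.0.2.1"):
        print(dst, "->", lookup(fib, dst))
```

With a four-entry FIB the /16 is taken together with its /24 (two slots),
172.16.0.0/12 fills the last slot, and 192.0.2.0/24 falls through to the
default route towards the software router. With only two entries the /16
bundle no longer fits and is skipped in favour of the next hottest single
prefix; in a real daemon the counters would be refreshed periodically and
only the delta withdrawn or announced.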


