nexus N3K-C3064PQ vs juniper ex4500 in order to protect against ddos

Pedro piotr.1234 at interia.pl
Sat Oct 1 07:03:26 UTC 2016


We had situations, that we lost all our bgp sessions, not even only on 
ports where flood was coming. Just cpu overloaded. I don't care about 
support too much, there are cheap enough to have spare. Soft is mature 
with known bugs so i assume that this risk are accepted. Bigger problem 
for me is technical details about features, which i desribed in my first 
post. Most of this features i tested on trident2 chipset extreme 670, it 
works but with problems and some limits. Now i have to change vendor. 
Really wondering what can i get from N3K-C3064PQ, its also build on 
trident2 AFAIK

thanks for answers,
Pedro


W dniu 2016-09-30 o 22:50, Matt Freitag pisze:
> Pedro,
>
> Please also keep in mind that the Juniper EX4500 is an end of life
> product. Soon you won't be able to get Juniper to support you. That's
> why there are so many for so cheap on eBay.
>
> Matt Freitag
> Network Engineer I
> Information Technology
> Michigan Technological University
> (906) 487-3696 <tel:%28906%29%20487-3696>
> https://www.mtu.edu/
> https://www.it.mtu.edu/
>
>
> On Fri, Sep 30, 2016 at 4:06 PM, Saku Ytti <saku at ytti.fi
> <mailto:saku at ytti.fi>> wrote:
>
>     On 30 September 2016 at 22:42, Pedro <piotr.1234 at interia.pl
>     <mailto:piotr.1234 at interia.pl>> wrote:
>
>     Hey Pedro,
>
>     > I have some idea to put switch before bgp router in order to terminate isp
>     > 10G uplinks on switch, not router. Main reason is that could be some kind of
>     > 1st level of defence against ddos, second reason, less important, save cost
>     > of router ports, do many port mirrors.
>
>     I don't understand your rationale, unless your router is software box,
>     but as it has 10G interface, probably not.
>     Your router should be able to limit packets in HW, likely with better
>     counter and filtering options than cheap switch.
>
>     --
>       ++ytti
>
>


---
Ta wiadomość została sprawdzona na obecność wirusów przez oprogramowanie antywirusowe Avast.
https://www.avast.com/antivirus



More information about the NANOG mailing list