nexus N3K-C3064PQ vs juniper ex4500 in order to protect against ddos
piotr.1234 at interia.pl
Sat Oct 1 07:03:26 UTC 2016
We had situations, that we lost all our bgp sessions, not even only on
ports where flood was coming. Just cpu overloaded. I don't care about
support too much, there are cheap enough to have spare. Soft is mature
with known bugs so i assume that this risk are accepted. Bigger problem
for me is technical details about features, which i desribed in my first
post. Most of this features i tested on trident2 chipset extreme 670, it
works but with problems and some limits. Now i have to change vendor.
Really wondering what can i get from N3K-C3064PQ, its also build on
thanks for answers,
W dniu 2016-09-30 o 22:50, Matt Freitag pisze:
> Please also keep in mind that the Juniper EX4500 is an end of life
> product. Soon you won't be able to get Juniper to support you. That's
> why there are so many for so cheap on eBay.
> Matt Freitag
> Network Engineer I
> Information Technology
> Michigan Technological University
> (906) 487-3696 <tel:%28906%29%20487-3696>
> On Fri, Sep 30, 2016 at 4:06 PM, Saku Ytti <saku at ytti.fi
> <mailto:saku at ytti.fi>> wrote:
> On 30 September 2016 at 22:42, Pedro <piotr.1234 at interia.pl
> <mailto:piotr.1234 at interia.pl>> wrote:
> Hey Pedro,
> > I have some idea to put switch before bgp router in order to terminate isp
> > 10G uplinks on switch, not router. Main reason is that could be some kind of
> > 1st level of defence against ddos, second reason, less important, save cost
> > of router ports, do many port mirrors.
> I don't understand your rationale, unless your router is software box,
> but as it has 10G interface, probably not.
> Your router should be able to limit packets in HW, likely with better
> counter and filtering options than cheap switch.
Ta wiadomość została sprawdzona na obecność wirusów przez oprogramowanie antywirusowe Avast.
More information about the NANOG