[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Mx204 alternative

Subject: Mx204 alternative
From: adamv0025 at netconsultings.com (adamv0025 at netconsultings.com)
Date: Mon, 2 Sep 2019 18:42:59 +0100
In-reply-to: <[email protected]>
References: <CA+LTh5UUbV7YNFZOh0b88-4H46VvtksVgTyRRKttmqX0__cDSw@mail.gmail.com> <[email protected]> <CAPkb-7CgG+[email protected]> <[email protected]> <CAPkb-7Ctjv[email protected]> <[email protected]>

> Denys Fedoryshchenko
> Sent: Monday, September 2, 2019 2:24 PM
> 
> On 2019-09-02 15:52, Baldur Norddahl wrote:
> >
> > Maturity is such a subjective word. But yes there are plenty of
> > options for routing protocols on a Linux. Every internet exchange is
> > running BGP on Linux for the route server after all.
> >
> > I am not recommending a server over MX204. I think MX204 is brilliant.
> > It is one of the cheapest options and if that is not cheap enough,
> > THEN the server solution is probably what you may be looking for.
> >
> > You can move a lot of traffic even with an old leftover server.
> > Especially if you are not concerned with moving 64 bytes DDoS at line
> > speed, because likely you would be down anyway in that case.
> >
> > As to the OPEX I would claim there are small shops that would have an
> > easier time with a server, because they know how to do that. They
> > would have only one or two routers and learning how to run JUNOS just
> > for that might never happen. It all depends on what workforce you
> > have. Network people or server guys?
> >
> > Regards
> >
> > Baldur
> >
> >>
> 
> I think that such types of DDoS are much easier to solve on a server with
> XDP/eBPF than on MX.
> And much cheaper if we are talking about the new SYN+ACK DDoS and it is
> exactly 64b ddos case. I used multiple 82599.
> 
>  From snabbco discussion, issue #1013, "If you read Intel datasheets then
the
> minimum packet rate they are guaranteeing is 64B for 10G (82599), 128B for
> 40G (XL710), and 256B for 100G (FM10K)."
> 
> But "hardware", ASIC enabled routers such as MX might be not better and
> even need some tuning.
> https://kb.juniper.net/InfoCenter/index?page=content&id=KB33477&actp=
> METADATA
> "On summit MX204 and MX10003 platforms, the line rate frame size is 119
> byte for 10/40GbE port and 95 byte for 100GbE port."
> or some QFX, for example, Broadcom Tomahawk 32x100G switches only do
> line-rate with >= 250B packets according to datasheets.
>
You nailed it, 
Actually very few line-cards or fabric-less boxes with (run to completion
vendor chips) out there do line-rate at 64B packets nowadays.
-with the advent of 100G the "line-rate at 64B" is pretty much not a thing
anymore...
Something to consider, not because one wants to push 64B packets at
line-rate on all ports but because one needs to push IMIX through QOS or
filters... and the card/box might simply not deliver.
   
adam

Follow-Ups:
- Mx204 alternative
  - From: lukasz at bromirski.net (Łukasz Bromirski)

References:
- Mx204 alternative
  - From: mark.tinka at seacom.mu (Mark Tinka)
- Mx204 alternative
  - From: baldur.norddahl at gmail.com (Baldur Norddahl)
- Mx204 alternative
  - From: nuclearcat at nuclearcat.com (Denys Fedoryshchenko)

Prev by Date: Weekly Routing Table Report
Next by Date: Mx204 alternative
Previous by thread: Mx204 alternative
Next by thread: Mx204 alternative
Index(es):
- Date
- Thread