nanog mailing list archives

Re: CPE that support 1G with BGP multihomed

From: Raymond Burkholder <ray () oneunified net>
Date: Sat, 30 Sep 2017 00:00:11 -0300


On 09/26/17 06:29, marcel.duregards--- via NANOG wrote:

Dear Nanoger,

Anyone have an advice on CPE which can support the following features,
please:

I've been building cpe devices using various models fromhttp://www.lannerinc.com.

I populate with Debian linux:. I use pxeboot to autoboot into installmode with dnsmasq providing deb-install preseed build files. On theauto reboot after o/s install, I finish up with consistent, documentedbuilds with SaltStack. This provides the necessary customizedswitching, routing, security, and monitoring.


Raymond Burkholder
https://blog.raymond.burkholder.net
441 705 7292

1)
1 Gigabits/s ipv4 or ipv6 forwarding IMIX or Internet traffic, full
duplex (not sure if cisco or miercom are conducting bidirectionals
traffic flows at the same time).

With an FW-7543, I can iperf bidirectional 1gbps with no acl. I can getstrongswan ipsec bidirectional at about 50mbps (the cpu has AES-NI). Ihavn't tried ipsec on devices like the FW-7573.


2)
with ACLs and with uRPF
with prefix filtering
with bgp ext-communities (rfc 8092 would be a ++, but not mandatory)

I can customize configs with various combinations of VRRP,FreeRangeRouting BGP/OSPF (full routes are no problem), nftables forACL, lldpd, hostapd for wireless, openvswitch for bridgingrequirements/netflow/sflow ...

The linux kernel supplies uRPF. FreeRangeRouting (a fork of Quagga) cando prefix filtering, ext-communities, etc. They have even recentlyimplemented EVPN using VxLAN for encapsulation.

3)
with BGP full route, 1 eBGP session + 1 iBGP  (--> multihomed, single
attached solution, so there is 2 CPE connected to 2 bgp transit))

I've used the FW-7543 in pairs to a customer for this: a managementport, a port between the two, an upstream port, and a downstream port.

4)
vrf light and
SNMP + telnet/ssh with ACLs

Linux kernel has VRF capabilities, or use namespaces or nativecontainers for segregation of functions or for implementing virtualfunctions.



Currently on Cisco side, we see the following candidates:

- ASR 1001-x
- ASR 1002
- ISR 4431, 4451
- ISR G2 2921 + 2951 + 3925(E)  (EoL soon, so we are currently in the
process of evaluating other solution).


But we would like also to include other manufacturer : juniper, mikrotik
, etc....



--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Current thread:

CPE that support 1G with BGP multihomed marcel.duregards--- via NANOG (Sep 26)
- Re: CPE that support 1G with BGP multihomed Blake Hudson (Sep 26)
- Re: CPE that support 1G with BGP multihomed Ahad Aboss (Sep 26)
- Re: CPE that support 1G with BGP multihomed Raymond Burkholder (Sep 29)