nanog mailing list archives

RE: Mx204 alternative


From: <adamv0025 () netconsultings com>
Date: Mon, 2 Sep 2019 18:42:59 +0100

Denys Fedoryshchenko
Sent: Monday, September 2, 2019 2:24 PM

On 2019-09-02 15:52, Baldur Norddahl wrote:

Maturity is such a subjective word. But yes there are plenty of
options for routing protocols on a Linux. Every internet exchange is
running BGP on Linux for the route server after all.

I am not recommending a server over MX204. I think MX204 is brilliant.
It is one of the cheapest options and if that is not cheap enough,
THEN the server solution is probably what you may be looking for.

You can move a lot of traffic even with an old leftover server.
Especially if you are not concerned with moving 64 bytes DDoS at line
speed, because likely you would be down anyway in that case.

As to the OPEX I would claim there are small shops that would have an
easier time with a server, because they know how to do that. They
would have only one or two routers and learning how to run JUNOS just
for that might never happen. It all depends on what workforce you
have. Network people or server guys?

Regards

Baldur



I think that such types of DDoS are much easier to solve on a server with
XDP/eBPF than on MX.
And much cheaper if we are talking about the new SYN+ACK DDoS and it is
exactly 64b DDoS case. I used multiple 82599.

From snabbco discussion, issue #1013, "If you read Intel datasheets then the
minimum packet rate they are guaranteeing is 64B for 10G (82599), 128B for
40G (XL710), and 256B for 100G (FM10K)."

But "hardware", ASIC enabled routers such as MX might not be better and
even need some tuning.
https://kb.juniper.net/InfoCenter/index?page=content&id=KB33477&actp=METADATA
"On summit MX204 and MX10003 platforms, the line rate frame size is 119
byte for 10/40GbE port and 95 byte for 100GbE port."
or some QFX, for example, Broadcom Tomahawk 32x100G switches only do
line-rate with >= 250B packets according to datasheets.

You nailed it.
Actually very few line-cards or fabric-less boxes with (run to completion
vendor chips) out there do line-rate at 64B packets nowadays.
-with the advent of 100G the "line-rate at 64B" is pretty much not a thing
anymore...
Something to consider, not because one wants to push 64B packets at
line-rate on all ports but because one needs to push IMIX through QOS or
filters... and the card/box might simply not deliver.
   
adam   


