Re: Vyatta as a BRAS

[Łukasz Bromirski <lukasz () bromirski net>]

On 2010-07-15 19:22, Dennis Burgess wrote:
> RouterOS is a software based router, we have them all over the world as
> CORE and EDGE routers to networks.

Wonderful, congratulations.

> Some of our hardware can hit multi-gig speeds, BGP etc.

Same can do your competitors.

> We commonly replace 7206VXRs.

Sad story, really. And I bet 7200VXRs commonly replace RouterOS.

> Does some other form of DoS attack have an effect on it, sure, but
> as long as you have enough CPU to weather the storm you normally
> don't have major issues.

Sure, a lot of people were at this point of their learning curve,
pretty sure that they will withstand anything with their multi-GHz,
multi-core CPUs. Then they met real world, or as it is often said,
real world met them.

(and I'm all for FreeBSD boxes, don't get me wrong, the whole point
 of this discussion is that either you're doing hardware forwarding
 and you're pretty safe [unfortunately often with a lot of caveats,
 but still], or you're doing software forwarding and you have
 a nice attack vector open for anyone willing)

--
"Everything will be okay in the end.  |                 Łukasz Bromirski
 If it's not okay, it's not the end." |      http://lukasz.bromirski.net