Re: Software-based Border Router

["Nathanael C. Cariaga" <nccariaga () stluke com ph>]

Thank you for the prompt response.  Just to clarify my previous post, I was actually referring to Linux/Unix-based 
routers.  We've been considering this solution because presently we don't have any budget for equipment acquisition 
this year.

To be honest, I came across Vyatta Core while searching for viable Linux/Unix-based solution that we can adopt and I'm 
currently reading its reference guides.  Has anyone here used this software before?  

Thanks a lot.

----- Original Message -----
From: sthaug () nethelp no
To: nccariaga () stluke com ph
Cc: nanog () nanog org
Sent: Sunday, September 26, 2010 5:59:21 PM
Subject: Re: Software-based Border Router

> Just want to ask if anyone here had experience deploying software-based routers to serve as perimeter / border 
> router? How does it gauge with hardware-based routers? Any past experiences will be very much appreciated. 

Software based routers (e.g. Cisco 7200 series) have been used as border
routers for many years - this is hardly anything new. The question you
should ask is probably: Can such a router handle a full link's worth of
DDoS using minimum sized packets? The answer, of course, depends on your
link capacity, the router itself, features enabled (ACLs, QoS, ...) etc.

There are quite a few people using Quagga based boxes running Linux or
FreeBSD as border routers - this is a possible solution too, giving
you more bang for the buck than a traditional software based router from
the big vendors. Make sure you have enough expertise for the relevant OS
and routing software available.

Steinar Haug, Nethelp consulting, sthaug () nethelp no