nanog mailing list archives
Re: nexus N3K-C3064PQ vs juniper ex4500 in order to protect against ddos
From: Pedro <piotr.1234 () interia pl>
Date: Sat, 1 Oct 2016 09:03:26 +0200
We had situations, that we lost all our bgp sessions, not even only on ports where flood was coming. Just cpu overloaded. I don't care about support too much, there are cheap enough to have spare. Soft is mature with known bugs so i assume that this risk are accepted. Bigger problem for me is technical details about features, which i desribed in my first post. Most of this features i tested on trident2 chipset extreme 670, it works but with problems and some limits. Now i have to change vendor. Really wondering what can i get from N3K-C3064PQ, its also build on trident2 AFAIK thanks for answers, Pedro W dniu 2016-09-30 o 22:50, Matt Freitag pisze:
Pedro, Please also keep in mind that the Juniper EX4500 is an end of life product. Soon you won't be able to get Juniper to support you. That's why there are so many for so cheap on eBay. Matt Freitag Network Engineer I Information Technology Michigan Technological University (906) 487-3696 <tel:%28906%29%20487-3696> https://www.mtu.edu/ https://www.it.mtu.edu/ On Fri, Sep 30, 2016 at 4:06 PM, Saku Ytti <saku () ytti fi <mailto:saku () ytti fi>> wrote: On 30 September 2016 at 22:42, Pedro <piotr.1234 () interia pl <mailto:piotr.1234 () interia pl>> wrote: Hey Pedro, > I have some idea to put switch before bgp router in order to terminate isp > 10G uplinks on switch, not router. Main reason is that could be some kind of > 1st level of defence against ddos, second reason, less important, save cost > of router ports, do many port mirrors. I don't understand your rationale, unless your router is software box, but as it has 10G interface, probably not. Your router should be able to limit packets in HW, likely with better counter and filtering options than cheap switch. -- ++ytti
--- Ta wiadomość została sprawdzona na obecność wirusów przez oprogramowanie antywirusowe Avast. https://www.avast.com/antivirus
Current thread:
- Re: nexus N3K-C3064PQ vs juniper ex4500 in order to protect against ddos Pedro (Oct 01)
- Re: nexus N3K-C3064PQ vs juniper ex4500 in order to protect against ddos Saku Ytti (Oct 01)
- <Possible follow-ups>
- Re: nexus N3K-C3064PQ vs juniper ex4500 in order to protect against ddos Mike Hammett (Oct 01)
- Re: nexus N3K-C3064PQ vs juniper ex4500 in order to protect against ddos James Jun (Oct 01)
- Re: nexus N3K-C3064PQ vs juniper ex4500 in order to protect against ddos Josh Reynolds (Oct 01)
- Re: nexus N3K-C3064PQ vs juniper ex4500 in order to protect against ddos Saku Ytti (Oct 01)
- Re: nexus N3K-C3064PQ vs juniper ex4500 in order to protect against ddos James Jun (Oct 01)
- Re: nexus N3K-C3064PQ vs juniper ex4500 in order to protect against ddos James Jun (Oct 01)
- Re: nexus N3K-C3064PQ vs juniper ex4500 in order to protect against ddos Mike Hammett (Oct 01)
- Re: nexus N3K-C3064PQ vs juniper ex4500 in order to protect against ddos joel jaeggli (Oct 02)