nanog mailing list archives
Re: Vyatta as a BRAS
From: Joe Greco <jgreco () ns sol net>
Date: Tue, 13 Jul 2010 17:45:11 -0500 (CDT)
> On Jul 13, 2010, at 10:58 PM, Joe Greco wrote:
>> It's interesting. One can get equally militant and say that hardware based routers are irrelevant in many applications.
>
> When BCPs are followed, they don't tend to fall over the moment someone hits them with a few kpps of packets - which should be a key criteria for an edge device. The same can't be said of software-based devices.

That's just a completely ignorant statement to make. I notice in particular how carefully you qualify that with "[w]hen BCPs are followed"; the fact that hardware router manufacturers have declared everything and anything that derails their bullet trains as "not a BCP" is a perfect example of this deceptive sort of misinformation.

There are plenty of FreeBSD based devices out there that are passing tons of traffic; almost any of them are more competent than any Cisco router I'm aware of when hitting them directly with traffic, since the CPUs on your average Cisco are pretty flimsy, the CPU on a FreeBSD box is going to be fairly current tech, and the code on a FreeBSD box is going to have been designed to defend against such attacks because things like IRC server operators often don't have the luxury of hiding their device management on a protected net.

The fact of the matter is that the way that most "hardware" platforms try to survive a DoS attack against their control plane is through hardware filtering; to the extent that that works, it's going to be pretty effective. However, if we're going to allow for that, then we have to allow the software platform to defend itself with a firewall as well, and once you do that, on both platforms, what actually happens in the end is that both devices can successfully defend at gigabit speeds, but you start losing traffic because you're filling the inbound pipe.

Or, put another way:

"When BCPs are followed, software devices don't tend to fall over the moment someone hits them with a few Mpps of packets either."

... JG
--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam (CNN)
With 24 million small businesses in the US alone, that's way too many apples.