nanog mailing list archives

RE: vyatta for bgp


From: Deepak Jain <deepak () ai net>
Date: Tue, 13 Sep 2011 15:54:52 -0400

In a message written on Mon, Sep 12, 2011 at 06:56:26PM +0000, Dobbins, Roland wrote:
The days of public-facing software-based routers were over years ago - you need an ASIC-based edge router, else 
you'll end up getting zorched.

Some enterprises get MPLS L3 VPN service from their providers, and need boxes that can route packets to it and speak 
BGP to inject their routes.  They are not, per se, connected to the Internet, and thus won't be "zorched", at least in 
the sense you are using it.

Also, many enterprises get DS-3, Cable Modem, or 100M Ethernet handoffs, and won't ever get a faster "zorch" due to 
link speed.

---

Picking up on what Leo wrote:

I think the OP stated he is using less than 10M (or a few T1s or something). The term Enterprise covers a lot of ground 
from SMEs to LBs. 

It's important to clarify that no router is perfect and all of them are sufficiently complex beasties to fully 
understand your problem/solution set. 

Software routers are simpler in that almost all of their complexities lie in their CPU/bus/interrupt limitations and 
provided you haven't hit those limits the software can do just about anything you ask of it. 

Hardware-assisted routers are promised to move lots and lots of pps and tolerate all kinds of bad behavior -- with all 
kinds of caveats, like control plane policing, understanding the minutiae of their ASIC design/layout and of course 
various oddities in their software configurations and releases (turn this on, but not with that, if you want this 
feature to work). 

Without rehashing 20+ years of collective knowledge & caveats on hardware-assisted routers, smaller guys who want to 
test their approach to purchasing need some kind of answer better than "it depends".

Even though "it depends" (based on total uplink speeds), here are my suggestions:

<200 mb/s a circa 2010+ software router, even talking to the internet as a whole, is probably fine, even to run BGP. 
You may have some weird edge cases where you can be attacked, but your pipe will probably limit you. At this level, you 
can also lean on your ISP to help if you get into a jam.

200mb/s to 2Gb/s, your software router may keep up, and you need to start considering hardware assisted routing and a 
stiff breeze could make your router fall over. More time will be required to tune your software router that could be 
better spent elsewhere. At the higher end of this range, your ISP is less able to help you (filter good traffic from 
bad) and you need to be able to do some of this in your router. Pipe speed is less of an issue and you can have badly 
behaved traffic that "zorches" you at far less than link speed.

2Gb/s +, your software solution is a dead duck or an accident waiting to happen. You will be victim to oddities related 
to inconsistent performance, jitter, and of course malicious attacks. You probably want more advanced traffic and 
profiling features a hardware platform allows you (at wire speed) too.  Your ISP's hardware router will only do what 
you ask (nicely) for your ISP to do... and even that is limited. You are basically "big enough" to manage these 
connections on your own and should have equipment and staff available to do so.

I just took a stab at the ranges and the concepts, only limited to the OP's context and directed at "Enterprise" 
customers. ISPs probably can't use these limits for their own router solution/sizing -- and we all know that ISPs vary 
in quality, especially at 4am when you are being DOS'd... so ymmv.

HTH,

Deepak Jain
AiNET


