10-14-2013 10:49 PM - edited 03-04-2019 09:19 PM
Hi!
We run a datacenter and today have an incoming internet connection with 1Gbit/sec. And I really need some help to find a good router.
And we will soon have another ISP with 1Gbit/sec and we will do multihoming with the full BGP table.
Because we have a datacenter and are hosting a lot of customers, we need to do traffic shaping/policing per sub interface towards our customer FWs.
Today we have some shaping/policing/QoS in a pair of Cisco 3925, and they do not do it very well because the CPU will just peak.
Last night we got a DDoS attack on a webserver. They pulled approx 800Mbit/sec UDP traffic towards us and that filled our internet connections.
Are there some good router features I should look for now when I'm out buying some new ones?
This post looks a bit messy... I'm from Sweden and I have slept about 3 hours tonight (and I have a three-year-old so I have not slept for about 3 years )
So my written language may not be perfect
Thank you for your time!
Regards Olle
10-15-2013 01:54 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
As you've already discovered, a 3925 is a little too small to handle a busy gig link. For just one gig link, the recent 4500-X would be better sized, but for two gig links, you'll probably want to consider the lower end of the ASR 1000 series rated at 5 Gbps or better.
BTW, regardless of the router, some DDoS attacks are not easily dealt with. I can easily send x amount of packets toward any IP. They can be filtered, but it doesn't stop the bandwidth consumption before the filter. I.e. you could protect the web server, if you can identify the traffic as invalid, but such an attack may still consume 800 Mbps of your Internet bandwidth.
10-15-2013 02:00 AM
I have been thinking about ASR1002-X
I have not worked very much with QoS and shaping/policing.
In the ISR G2 routers I assume that it is done in the CPU.
Does the ASR1000 have hardware for that or does it only have a bigger CPU?
Yeah DDoS is tricky...
We are considering some kind of ISP help for this... of some sort
10-15-2013 03:11 AM
My understanding is they're a little of both, i.e. faster CPU and some dedicated hardware. I suspect they are "version 2" of the NSE-1 that was used with the 7200/7300 series.
The ASR 1002-X might be a good choice, as its performance is upgradable across a good range.