Solved: Used router advice for small web host moving to own ASN

elliotpea · ‎04-30-2014

Hi there,

I run a small web hosting company, i'm primarily a sys admin, my network knowledge is ok but my routing knowledge and experience does let me down so please bear with me on these questions.

We currently have our own PI Space, which our transit provider put on our port for us and handle the routing. Due to a recent spate of DDOS attacks and other issues, we've decided to move to our own ASN, and handle our own BGP, allowing us to null route ip's on demand, manage our network better and increase capacity to soak up the attacks.

I'm after a router which will fit the following:

1) Handle a full table (i believe i need this if i have my own ASN?)

2) Our bandwidth requirement is 200mbps, but i would like it to handle 4gbps incase of attacks.

3) 8 x 1Gbe ports (4 link aggregated uplink and 4 aggregated to our internal network)

3) Fully redundant incase of hardware failure or OS upgrades (maybe 2 routers in active/active might be better(cheaper) than 1 large hardware redundant system?)

4) Budget conscious - i will spend the money it requires to do this properly, but we are on a tight budget. I will definitely be looking at used equipment, previous generation(s) - whatever suits the best.

Thanks in advance for your input.

Elliot

Karsten Iwen · ‎05-02-2014

1) No, you don't need the full routing-table. If you only have one upstream-provider, a default-route could be enough.

I would look at the ASR1001-4X1GE for that:

http://www.cisco.com/c/en/us/products/routers/asr-1001-router/index.html

View solution in original post

Karsten Iwen · ‎05-02-2014

1) No, you don't need the full routing-table. If you only have one upstream-provider, a default-route could be enough.

I would look at the ASR1001-4X1GE for that:

http://www.cisco.com/c/en/us/products/routers/asr-1001-router/index.html

elliotpea · ‎05-03-2014

HI Karsten,

Thanks for your reply. I think in the interest of simplicity and the fact we don't need a table, we'll go with a layer 3 switch, we can then aggregate 4 x 1gb to our provider.

I'm thinking of going for the 3750-X with IP Services image. Can you (or anyone for that matter) tell me if the Services Module is required for Netflow functionality? Or does Netflow on the fixed ports work regardless if the services module is installed or not?

Thanks,

Elliot

Karsten Iwen · ‎05-03-2014

I would go directly for the 3850 in that case. That switch supports flexible NetFlow on all ports.

This is from the 3750-X config-guide:

Flexible NetFlow is supported only on the Catalyst 3750-X and 3560-X switch running the IP base or IP services feature set and equipped with the network services module.

elliotpea · ‎05-03-2014

Thanks, this is what i suspected. Unfortunately the 3850 is rather expensive. Are there any older generations or other models which would suit? The features i'm after are:

24 Port

BGP (So IP Services image)

Netflow

Redundant PSU (or 2 switches stacked if more cost effective)

Karsten Iwen · ‎05-03-2014

I assume that won't be that easy. The "smaller" switches all don't support netflow (to my knowledge) and the routers get pretty expensive with higher throughput. But they all support netflow. Perhaps you get somewhere a refurbished Cat-4500 with Supervisor Engine V-10GE:

To use the NetFlow feature, you must have the Supervisor Engine V-10GE (the functionality is embedded in the supervisor engine), or the NetFlow Services Card (WS-F4531) and either a Supervisor Engine IV or a Supervisor Engine V.

elliotpea · ‎05-05-2014

Many thanks. It looks like the 3850 is going to be the way to go. The 4500, although cheaper, is just too bulky even on the smallest chassis for the space in my rack.