[AusNOG] Assistance in picking a router

James Braunegg james.braunegg at micron21.com
Wed Jul 17 23:01:29 EST 2013


Good luck with fixing the issue....

On a side note Brocade purchased Vyatta ... adding some nice features to it also...

That being said throughput is one thing but packets per second in a DDoS attack is much more important.... Would be interesting to see the log files and see what its complaining about when it's under duress.. but if you don't have access that will be hard.

The problem also with a VM is dedicated resources and making sure the virtualization layer is not slowing you down...

My advice (if you want something on the cheap) I would be look at a layer 3 routing switch, many people do this... IE the Old Cisco 6500 series switches people still widely use today are an example of switches used as routers... (not that you need a 6500.. not even close... a 1RU Layer 3 switch would be all you need)

Kindest Regards

James Braunegg
P:  1300 769 972  |  M:  0488 997 207 |  D:  (03) 9751 7616
E:   james.braunegg at micron21.com<mailto:james.braunegg at micron21.com>  |  ABN:  12 109 977 666
W:  www.micron21.com/ip-transit<http://www.micron21.com/ip-transit>  T: @micron21


[Description: Description: Description: Description: M21.jpg]
This message is intended for the addressee named above. It may contain privileged or confidential information. If you are not the intended recipient of this message you must not use, copy, distribute or disclose it to anyone other than the addressee. If you have received this message in error please return the message to the sender by replying to it and then delete the message from your computer.

From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Daniel Watson
Sent: Wednesday, July 17, 2013 10:52 PM
To: Joshua D'Alton
Cc: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] Assistance in picking a router

Issues are being investigated as we speak

Hope to get some good results

All replies are welcome and appreciated

Daniel

Sent from my iPhone

On 17/07/2013, at 22:50, "Joshua D'Alton" <joshua at railgun.com.au<mailto:joshua at railgun.com.au>> wrote:
OP replied "As now they have said its not configured correctly..."

On Wed, Jul 17, 2013 at 10:47 PM, Craig Askings <craig at askings.com.au<mailto:craig at askings.com.au>> wrote:
Unless your underlying server is heavily oversubscribed, I doubt you will be having throughput issues at 30 mbit/s with your Vyatta server.

One of my clients is doing 1 gigabit/s of ipsec encryption and routing with Vyatta virtual machines.


On 17/07/2013, at 10:39 PM, Daniel Watson <daniel at glovine.com.au<mailto:daniel at glovine.com.au>> wrote:

> Gday Tim
>
> My provider have issued me with a Vyatta virtual router with a BGP session directly to them, they host and manage this VM router and have that router advertising our ASN and IPs
>
> Mind you AS132839 is one network, the other is AS132869. Same issues on both networks. Which are two seperate virtual routers. So its very odd
>
> Daniel
>
> Sent from my iPhone
>
> On 17/07/2013, at 22:34, "Tim March" <march.tim at gmail.com<mailto:march.tim at gmail.com>> wrote:
>
>>
>> Your network appears to be AS132839. Either you're advertising it to your upstream via a device that you control or your provider is advertising it on your behalf. From what you're saying it sounds like they're advertising it on your behalf and probably just handing off a switched port. This is probably what you're actually talking about when you say you've got a "BGP routing table."
>>
>> If you're having serious issues that you believe are related to that device your first port of call is probably to harass the provider about it. Also, if you're talking about replacing a managed service with a piece of your own hardware there are more than likely commercial issues you'll need to overcome as well.
>>
>>
>>
>> T.
>>
>> On 17/07/13 10:20 PM, Daniel Watson wrote:
>>> Gday Tim
>>>
>>> Thing here is. Our provider controls our router. Being Vyetta, we dont have access
>>>
>>> The only thing we have access too. Is the gear behind that, switches and servers ect ect
>>>
>>> All great advise thus far
>>>
>>> Ive been told we have a regular default BGP routing table aswell. So i hope that helps
>>>
>>> Daniel
>>>
>>> Sent from my iPhone
>>>
>>> On 17/07/2013, at 22:09, "Tim March" <march.tim at gmail.com<mailto:march.tim at gmail.com>> wrote:
>>>
>>>>
>>>> I'm sure you'll get a load of great advice on buying a new routing platform. Skeeve will tell you to buy a Juniper. I'll tell you to buy a Cisco. Chairman Mao will tell you to buy a Huawei. They'll all do what you need them to better than whatever virtual appliance you're probably running now.
>>>>
>>>> The network issues you're describing could be symptomatic of a whole range of fairly disparate causes. The best thing you can do is get someone who knows what they're doing to sit down in front of your network, do some analysis and produce a plan to improve it. Assuming you just need to buy $RandomPieceOfHardwareSomeDudeOnAMailingListSuggested and your problems will go away is flipping a coin.
>>>>
>>>>
>>>>
>>>>
>>>> T.
>>>>
>>>> On 17/07/13 10:00 PM, Joshua D'Alton wrote:
>>>>> Skeeve will be the man to answer this question, and maybe even the man
>>>>> to supply you with the juniper (to do it (unless you want to go ebay cisco).
>>>>>
>>>>> As an aside, NDA permitting, surely this isn't for Glovine?
>>>>>
>>>>> Reading your last reply, some SRX is what you'll want I think.
>>>>>
>>>>>
>>>>> On Wed, Jul 17, 2013 at 9:53 PM, Skeeve Stevens
>>>>> <skeeve+ausnog at eintellegonetworks.com<mailto:skeeve%2Bausnog at eintellegonetworks.com>
>>>>> <mailto:skeeve+ausnog at eintellegonetworks.com<mailto:skeeve%2Bausnog at eintellegonetworks.com>>> wrote:
>>>>>
>>>>>   Do you have more than one upstream?
>>>>>
>>>>>   Also.. can you confirm the size of the link and that you will need
>>>>>   2Gb/s throughput.
>>>>>
>>>>>
>>>>>   ...Skeeve
>>>>>
>>>>>   *Skeeve Stevens - *eintellego Networks Pty Ltd
>>>>>   skeeve at eintellegonetworks.com<mailto:skeeve at eintellegonetworks.com>
>>>>>   <mailto:skeeve at eintellegonetworks.com<mailto:skeeve at eintellegonetworks.com>> ; www.eintellegonetworks.com<http://www.eintellegonetworks.com>
>>>>>   <http://www.eintellegonetworks.com/>
>>>>>
>>>>>   Phone: 1300 239 038; Cell +61 (0)414 753 383<tel:%2B61%20%280%29414%20753%20383>
>>>>>   <tel:%2B61%20%280%29414%20753%20383> ; skype://skeeve
>>>>>
>>>>>   facebook.com/eintellegonetworks<http://facebook.com/eintellegonetworks>
>>>>>   <http://facebook.com/eintellegonetworks> ;
>>>>>   <http://twitter.com/networkceoau>linkedin.com/in/skeeve<http://linkedin.com/in/skeeve>
>>>>>   <http://linkedin.com/in/skeeve>
>>>>>
>>>>>   twitter.com/networkceoau<http://twitter.com/networkceoau> <http://twitter.com/networkceoau> ; blog:
>>>>>   www.network-ceo.net<http://www.network-ceo.net> <http://www.network-ceo.net/>
>>>>>
>>>>>
>>>>>   The Experts Who The Experts Call
>>>>>
>>>>>   Juniper - Cisco - Cloud
>>>>>
>>>>>
>>>>>   On Wed, Jul 17, 2013 at 9:43 PM, Daniel Watson
>>>>>   <daniel at glovine.com.au<mailto:daniel at glovine.com.au> <mailto:daniel at glovine.com.au<mailto:daniel at glovine.com.au>>> wrote:
>>>>>
>>>>>       Gday Tony
>>>>>
>>>>>       Speed would only need to be a max of 2gbit realistically..
>>>>>
>>>>>       As for the BGP table. Id have to come back on that one..
>>>>>
>>>>>       No firewall or NAT needed.  Just a basic router
>>>>>
>>>>>       Sorry i cant be of more infomation. Im a bit unsure myself :S
>>>>>
>>>>>       I know our provider passes through a BGP session currently. And
>>>>>       the virtual router handles our ASN and IP prefixes
>>>>>
>>>>>
>>>>>       Regards
>>>>>
>>>>>       D.
>>>>>
>>>>>       Sent from my iPhone
>>>>>
>>>>>       On 17/07/2013, at 21:39, "Tony" <td_miles at yahoo.com<mailto:td_miles at yahoo.com>
>>>>>       <mailto:td_miles at yahoo.com<mailto:td_miles at yahoo.com>>> wrote:
>>>>>
>>>>>>       Hi Daniel,
>>>>>>
>>>>>>       You probably need to supply a little bit more information, the
>>>>>>       most important being what speed is your connection and are you
>>>>>>       taking a full BGP table (and if you are, do you really need
>>>>>>       to) ? Do you want the router to do anything else (NAT,
>>>>>>       firewall, make you a cup of coffee, etc ?). Any preference for
>>>>>>       vendor ?
>>>>>>
>>>>>>
>>>>>>       regards,
>>>>>>       Tony.
>>>>>>
>>>>>>
>>>>>>           ------------------------------------------------------------------------
>>>>>>           *From:* Daniel Watson <daniel at glovine.com.au<mailto:daniel at glovine.com.au>
>>>>>>           <mailto:daniel at glovine.com.au<mailto:daniel at glovine.com.au>>>
>>>>>>           *To:* "ausnog at lists.ausnog.net<mailto:ausnog at lists.ausnog.net>
>>>>>>           <mailto:ausnog at lists.ausnog.net<mailto:ausnog at lists.ausnog.net>>" <ausnog at lists.ausnog.net<mailto:ausnog at lists.ausnog.net>
>>>>>>           <mailto:ausnog at lists.ausnog.net<mailto:ausnog at lists.ausnog.net>>>
>>>>>>           *Sent:* Wednesday, 17 July 2013 9:34 PM
>>>>>>           *Subject:* [AusNOG] Assistance in picking a router
>>>>>>
>>>>>>            Gday Noggers
>>>>>>
>>>>>>           I need some assistance from the community in looking at
>>>>>>           routers
>>>>>>
>>>>>>           We only need a basic router
>>>>>>
>>>>>>           Our provider provides us with a BGP session from their
>>>>>>           core to our virtual router at present,  But our virtual
>>>>>>           router is not coping very well
>>>>>>
>>>>>>           Can the community please have an open discussion with me,
>>>>>>           as to what i should be looking at  in the way of routers?
>>>>>>
>>>>>>
>>>>>>           Regards
>>>>>>
>>>>>>           D.
>>>>>>
>>>>>>           _______________________________________________
>>>>>>           AusNOG mailing list
>>>>>>           AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net> <mailto:AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>>
>>>>>>           http://lists.ausnog.net/mailman/listinfo/ausnog
>>>>>
>>>>>       _______________________________________________
>>>>>       AusNOG mailing list
>>>>>       AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net> <mailto:AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>>
>>>>>       http://lists.ausnog.net/mailman/listinfo/ausnog
>>>>>
>>>>>
>>>>>
>>>>>   _______________________________________________
>>>>>   AusNOG mailing list
>>>>>   AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net> <mailto:AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>>
>>>>>   http://lists.ausnog.net/mailman/listinfo/ausnog
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> AusNOG mailing list
>>>>> AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>
>>>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>>> _______________________________________________
>>>> AusNOG mailing list
>>>> AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>
>>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>
> http://lists.ausnog.net/mailman/listinfo/ausnog

_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>
http://lists.ausnog.net/mailman/listinfo/ausnog

_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>
http://lists.ausnog.net/mailman/listinfo/ausnog
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20130717/c18f52a5/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 2683 bytes
Desc: image001.jpg
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20130717/c18f52a5/attachment.jpg>


More information about the AusNOG mailing list