[AusNOG] 10G routing

Michael Marklew mike at idl.net.au
Sat Feb 8 09:49:29 EST 2014


Yes. Apart from rate limiting I had something similar to this in place - http://wiki.mikrotik.com/wiki/DDoS_Detection_and_Blocking

FYI: It had been handling 60k+ pps with sustained 200+ Mbps for some weeks and 0-3% CPU load.

Not really a big deal considering its specs.

Tom Berryman suggested the logging may have crashed it. The DDOS triggered some logging so this is possibly the problem. I will adjust and wait for the next DDOS.

On 8 Feb 2014, at 9:23 am, Ben <ben at meh.net.nz> wrote:

> were you storing state?  i'd be disconcerted if it can't handle 250 megabit of traffic of any kind.
> 
> if state tables overflow then you can lose connection to devices.  
> 
> Ben.
> 
> On Sat, Feb 08, 2014 at 09:12:04AM +1100, Michael Marklew wrote:
>> 1:09 am and my Cloud Core (CCR1036-12G-4S) was taken down by a 250Mbps plus DDOS to an end user. Now it is non-responsive and I have to make a weekend trip into the data centre.
>> 
>> I put it in front of my Cisco 7200 series only a few weeks ago so I could do some QoS on my main feed. It has been working well and I have been patting myself on the back because I saved $20k on the appropriate Allot NetEnforcer or some such.
>> 
>> My backup BGP path is via another 7200 and other than being very slow it managed when the traffic switched.
>> 
>> So it would appear the CCR1036-12G-4S has less routing power than an old Cisco 7200 VXR, although the Mikrotik was doing some rate limiting and firewalling (to block DDOS) for that matter.
>> 
>> I love the Mikrotik gear, I love its price and I love its flexibility. Shame. Now to decide if I should put a managed power rail in so I can reboot it remotely or just get rid of it.
>> 
>> Kind Regards,
>> Michael.
>> 
>> On 7 Feb 2014, at 3:05 pm, Matt Perkins <matt at spectrum.com.au> wrote:
>> 
>>> Google mikrotik cloud core.
>>> 
>>> Matt.
>>> 
>>> 
>>> On 7/02/14 1:25 PM, Alex Samad - Yieldbroker wrote:
>>>> Hi
>>>> 
>>>> Q)  am I being unrealistic to think I should be able to get 10Gb/s routing/firewall in a vm? (or cheap hardware solution)
>>>> 
>>>> I know there are very expensive Big name boxes out there, but I am wondering what other people are thinking / using.  I guess I am not thinking core telco stuff but more for business end user.
>>>> 
>>>> I have had a bit of a test of the current soft routers and love interfaces, love the price (not so much the brocade vr5400..)
>>>> 
>>>> Did some testing of a home built centos 6.5 box  I was able to get up to  8Gb/s  routed and firewall rules in place, but writing a system to manage it I have better things to do :)
>>>> 
>>>> My general feel currently is they are not ready yet, trying to get up over 1Gb/s was rather hard..  General feel on VyOS was it should work out of the box ...
>>>> 
>>>> My next question
>>>> 
>>>> Anyone played with one of these?
>>>> CCR1036-8G-2S+: 36core Cloud Core Router with 8GbE 2x 10Gbe SFP
>>>> 
>>>> They say they can get 28Gb/s routed with firewall rules in place ....
>>>> 
>>>> Thanks
>>>> 
>>>> 
>>>> 
>>>> _______________________________________________
>>>> AusNOG mailing list
>>>> AusNOG at lists.ausnog.net
>>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>> 
>>> 
>>> -- 
>>> /* Matt Perkins
>>>       Direct 1300 137 379     Spectrum Networks Ptd. Ltd.
>>>       Office 1300 133 299     matt at spectrum.com.au
>>>       Fax    1300 133 255     Level 6, 350 George Street Sydney 2000
>>>       SIP 1300137379 at sip.spectrum.com.au
>>>       PGP/GNUPG Public Key can be found at  http://pgp.mit.edu
>>> */
>>> 
>> 