CPE that support 1G with BGP multihomed

Mailman List Mirror (Read Only)
1

Dear Nanoger,

Anyone have an advice on CPE which can support the following features,
please:

1)
1 Gigabits/s ipv4 or ipv6 forwarding IMIX or Internet traffic, full
duplex (not sure if cisco or miercom are conducting bidirectionals
traffic flows at the same time).

2)
with ACLs and with uRPF
with prefix filtering
with bgp ext-communities (rfc 8092 would be a ++, but not mandatory)

3)
with BGP full route, 1 eBGP session + 1 iBGP (--> multihomed, single
attached solution, so there is 2 CPE connected to 2 bgp transit))

4)
vrf light and
SNMP + telnet/ssh with ACLs

Currently on Cisco side, we see the following candidates:

- ASR 1001-x
- ASR 1002
- ISR 4431, 4451
- ISR G2 2921 + 2951 + 3925(E) (EoL soon, so we are currently in the
process of evaluating other solution).

But we would like also to include other manufacturer : juniper, mikrotik
, etc....

Thank for your help,

2

Keep in mind the ASR1002 is also EoL, and only the configuration with upgraded RAM and ESP10 would meet your stated need for a full BGP table (the ESP2.5/5 does not have enough FIB memory to store the full routing table). The 1001-X offers the pay as you go model, so you may want to check with Cisco regarding FIB availability at different license price points. I believe the ASR9001 would also meet your needs; I don't have experience with the other options.

3

Hi Marcel,

I've personnel tested similar requirements on the followings;

ASR1001 - 8G RAM
ASR1001-X
ASR1002 8G RAM

with two eBGP sessions / full routes via two upstreams and mutiple iBGP
sessions to the core. The ASR1K is a safe bet.

The ISR G2 2921 or 2951 suffers under load if you have PBR or NAT/PAT rules.

Hope this info helps with your research and router selections.

Cheers,
Ahad

4

Dear Nanoger,

Anyone have an advice on CPE which can support the following features,
please:

I've been building cpe devices using various models from http://www.lannerinc.com.

I populate with Debian linux:. I use pxeboot to autoboot into install mode with dnsmasq providing deb-install preseed build files. On the auto reboot after o/s install, I finish up with consistent, documented builds with SaltStack. This provides the necessary customized switching, routing, security, and monitoring.

Raymond Burkholder
https://blog.raymond.burkholder.net
441 705 7292

1)
1 Gigabits/s ipv4 or ipv6 forwarding IMIX or Internet traffic, full
duplex (not sure if cisco or miercom are conducting bidirectionals
traffic flows at the same time).

With an FW-7543, I can iperf bidirectional 1gbps with no acl. I can get strongswan ipsec bidirectional at about 50mbps (the cpu has AES-NI). I havn't tried ipsec on devices like the FW-7573.

2)
with ACLs and with uRPF
with prefix filtering
with bgp ext-communities (rfc 8092 would be a ++, but not mandatory)

I can customize configs with various combinations of VRRP, FreeRangeRouting BGP/OSPF (full routes are no problem), nftables for ACL, lldpd, hostapd for wireless, openvswitch for bridging requirements/netflow/sflow ...

The linux kernel supplies uRPF. FreeRangeRouting (a fork of Quagga) can do prefix filtering, ext-communities, etc. They have even recently implemented EVPN using VxLAN for encapsulation.

3)
with BGP full route, 1 eBGP session + 1 iBGP (--> multihomed, single
attached solution, so there is 2 CPE connected to 2 bgp transit))

I've used the FW-7543 in pairs to a customer for this: a management port, a port between the two, an upstream port, and a downstream port.

4)
vrf light and
SNMP + telnet/ssh with ACLs

Linux kernel has VRF capabilities, or use namespaces or native containers for segregation of functions or for implementing virtual functions.