Force10 Gear - Opinions

Sorry for the off-topic post.

Does anyone here have real-world experience with Force 10 gear
(Specifically their E-Series and C-Series)? They came and did their
whole dog and pony show today, but I wanted to get real-world feedback
on their gear.

I need to know about their

1) Reliability

2) Performance

3) Support staff (how knowledgeable are they?)

4) Price (higher/lower/comparable to comparable Cisco gear)

We're exclusively a Cisco shop here right now (mostly Cat6500s), so
changing out some of our core gear with Force 10 is a bit 'scary', but
if it meets our needs, maybe...

Contact me off-list please.

Thanks!

Ken Matlock
Network Analyst

Exempla Healthcare
(303) 467-4671
matlockk@exempla.org

shameless-plug=on

  Hi,

  You may want to consider asking on force10-nsp as well.

http://puck.nether.net/mailman/listinfo/force10-nsp

  - Jared

Sorry for the off-topic post.

Don't be; it was acutely on-topic.

Does anyone here have real-world experience with Force 10 gear
(Specifically their E-Series and C-Series)? They came and did their
whole dog and pony show today, but I wanted to get real-world feedback
on their gear.

I need to know about their

1) Reliability

2) Performance

EANTC did a comprehensive study of the E-series:

http://www.eantc.de/en/test_reports_presentations/test_reports/force_10_sfm_failover_video_ftos_6211.html

http://www.eantc.com/fileadmin/eantc/downloads/test_reports/2006-2008/Cisco-Force10/EANTC_Full_Report.pdf

http://www.eantc.com/fileadmin/eantc/downloads/test_reports/2006-2008/Cisco-Force10/Section_8.pdf

3) Support staff (how knowledgeable are they?)

I'm not a customer, so I can't speak to this.

4) Price (higher/lower/comparable to comparable Cisco gear)

Comparing list pricing, it looks like Force 10 would have you pay more
for less features.

As a box designed with the enterprise datacenter in mind, the E-series
looks to be missing several key service provider features, including
MPLS and advanced control plane filtering/policing.

http://www.force10networks.com/news/pressreleases/2007/pr-2007-02-05.asp

https://www.force10networks.com/CSPortal20/KnowledgeBase/DOCUMENTATION/CLIConfig/FTOS/E_CONFIG_6.5.4.0_7-Feb-08.pdf

Paul

EANTC did a comprehensive study of the E-series:

http://www.eantc.de/en/test_reports_presentations/test_reports/force_10_sfm_failover_video_ftos_6211.html

http://www.eantc.com/fileadmin/eantc/downloads/test_reports/2006-2008/Cisco-Force10/EANTC_Full_Report.pdf

http://www.eantc.com/fileadmin/eantc/downloads/test_reports/2006-2008/Cisco-Force10/Section_8.pdf

Did you read these? They appear to be nonsense. They were bought and paid for by Cisco, and including nonsense things like "if you leave a slot open the chassis will burn up" as a decrement, which is also true in pretty much every big iron vendor. They also deliberately detuned the force10 configuration. They re-ran the tests using the recommended configuration and got very different numbers -- which you can request from them, but they won't publish on the website.

I'm not trying to be a Force10 advocate here (although I like their stuff) so much as trying to point at an incredibly biased and non-vendor-neutral report. It is entirely funny the amount they tried to make nonsensical stuff sound important.

Comparing list pricing, it looks like Force 10 would have you pay more
for less features.

Based on what? For E and C series boxes, Cisco is never cheaper. S-series are a different story.

As a box designed with the enterprise datacenter in mind, the E-series
looks to be missing several key service provider features, including
MPLS and advanced control plane filtering/policing.

Ah, because Cisco does either of these in hardware?

1) Reliability

Very good. Across our entire business we've lost 1 RPM module in ~2 years.

2) Performance

[Note: we have no 10g interfaces, so I can only speak to a many-singleg-port environment]
Much higher than Cisco. So good at dealing with traffic problems that we have had multi-gig DoS attacks that we wouldn't have known about without having an IDS running on a mirroring port.

3) Support staff (how knowledgeable are they?)

Significantly higher than Cisco, and escalation is easier. On par with Juniper.

4) Price (higher/lower/comparable to comparable Cisco gear)

80% of the Cisco of a comparable Cisco solution, and the support contracts are cheaper too.

We're exclusively a Cisco shop here right now (mostly Cat6500s), so
changing out some of our core gear with Force 10 is a bit 'scary', but
if it meets our needs, maybe...

If you go from Juniper to Force10 you might find some things lacking, but Cisco to Force10 is only an improvement. You'll never have to wonder if the command you're typing will throw the unit into software routing mode, as Cisco bugs have usually done. (not possible in the FTOS architecture)

These things are so very solid that I rarely spend any time doing network work any more. Gigabit line-speed BCP38 makes life easier for the abuse helpdesk too.

2) Performance

[Note: we have no 10g interfaces, so I can only speak to a many-singleg-port
environment]
Much higher than Cisco. So good at dealing with traffic problems that we
have had multi-gig DoS attacks that we wouldn't have known about without
having an IDS running on a mirroring port.

Do they have something with a few singleg-ports (could be only 2) but
can route a large FIB (half a million, million routes) and some large
RIBs (3 full-routing views, a hundred peers) ?

Rubens

> As a box designed with the enterprise datacenter in mind, the E-
series
> looks to be missing several key service provider features, including
> MPLS and advanced control plane filtering/policing.

Ah, because Cisco does either of these in hardware?

Yes. PFC3 inside Supervisor 32, 720 and RSP 720 for Catalyst 6500/Router
7600 series perform both of these features in hardware. The article
mentioned in this thread compares Force10 E against the 6500 series.

james

http://www.eantc.de/en/test_reports_presentations/test_reports/force_10_sfm_failover_video_ftos_6211.html

http://www.eantc.com/fileadmin/eantc/downloads/test_reports/2006-2008/Cisco-Force10/EANTC_Full_Report.pdf

http://www.eantc.com/fileadmin/eantc/downloads/test_reports/2006-2008/Cisco-Force10/Section_8.pdf

Did you read these?

Yes.

They appear to be nonsense. They were bought and paid
for by Cisco, and including nonsense things like "if you leave a slot open
the chassis will burn up" as a decrement, which is also true in pretty much
every big iron vendor.

Current-generation Cisco and Juniper hardware don't seem to have this problem.

I don't think the "remove one SFM and all the others go offline"
failure mode is commonplace among other vendors either.

They also deliberately detuned the force10
configuration. They re-ran the tests using the recommended configuration
and got very different numbers -- which you can request from them, but they
won't publish on the website.

I'd be interested in seeing this. Mind putting them up somewhere and
sharing the URL?

Based on what? For E and C series boxes, Cisco is never cheaper. S-series
are a different story.

I was comparing list pricing for the E-series up against Catalyst
6500, Supervisor 720-3BXL, 6700 blades with CFC... which I consider a
fair comparison.

As a box designed with the enterprise datacenter in mind, the E-series
looks to be missing several key service provider features, including
MPLS and advanced control plane filtering/policing.

Ah, because Cisco does either of these in hardware?

Yes, they do, on the s720-3B and better.

Drive Slow,
Paul Wall

1) Reliability

Very good. Across our entire business we've lost 1 RPM module in ~2 years.

How many boxes in total? Losing a single routing engine in two years
is not a bad MTBF, though I wonder if we're talking about one chassis
or one thousand.

2) Performance

[Note: we have no 10g interfaces, so I can only speak to a many-singleg-port
environment]
Much higher than Cisco. So good at dealing with traffic problems that we
have had multi-gig DoS attacks that we wouldn't have known about without
having an IDS running on a mirroring port.

Routing n*GE at line rate isn't difficult these days, even with all
64-byte packets and other "DoS" conditions.

Linksys, D-Link, SMC, etc are able to pull it off on the layer 3
switches sold at Fry's for a couple benjamins a pop.

Now mind you, this is all traffic through the router. I'd imagine
Force 10 would have a problem with traffic aimed at its interface or
loopback IPs, given their lack of control plane policing/filtering,
unlike say:

http://aharp.ittns.northwestern.edu/papers/copp.html

3) Support staff (how knowledgeable are they?)

Significantly higher than Cisco, and escalation is easier. On par with
Juniper.

This is good, though not necessarily hard when you have a small pool
of TAC people.

Then again, I've always had a good support experience with Extreme,
but I'm not about to run out and replace my core with Black Diamonds.

These things are so very solid that I rarely spend any time doing network
work any more. Gigabit line-speed BCP38 makes life easier for the abuse
helpdesk too.

I'm unaware of any hardware-forwarding-based platforms which can't do this.

Though if I find any, I'll be sure to steer clear!

Paul Wall

"Then again, I've always had a good support experience with Extreme,
but I'm not about to run out and replace my core with Black Diamonds.
:)"

I once worked at a place where we had BD 6808's at the core; one of them
consistently had hardware issues, and it took me the better part of a year
of fighting with Extreme to get them to replace the chassis, but when they
did, the problems went away, imagine that. I suppose similar isolated
incidents could happen with anyone occasionally though.

Chris

If you've worked long enough, you will have had everything happen to you.

I've had power supply problems where it was actually the SUP720-3BXL that was the issue (discovered after first replacing PSU, then chassis, then finally the SUP).

We have a GSR where we have replaced everything so far (including chassis), problem still persists. What do to then? Ask to replace everything again but do this in one bang?

Must be interesting to work as a TAC engineer, they must see a lot of weird things.

Paul Wall wrote:

  

Does anyone here have real-world experience with Force 10 gear
(Specifically their E-Series and C-Series)? They came and did their
whole dog and pony show today, but I wanted to get real-world feedback
on their gear.

I need to know about their

1) Reliability
2) Performance
    
EANTC did a comprehensive study of the E-series:

http://www.eantc.de/en/test_reports_presentations/test_reports/force_10_sfm_failover_video_ftos_6211.html

http://www.eantc.com/fileadmin/eantc/downloads/test_reports/2006-2008/Cisco-Force10/EANTC_Full_Report.pdf

http://www.eantc.com/fileadmin/eantc/downloads/test_reports/2006-2008/Cisco-Force10/Section_8.pdf
  
Standard benchmarketing. Not that I blame Cisco or EANTC for that, since they were debunking some benchmarketing done by Force10 and Tolly, but consider the source (and follow the money) when reading any "independent" test and what that means for accuracy.

80% of the EANTC report can be summed up as "The default CAM profile didn't do what we wanted, and we didn't bother asking Force10 for the commands to make it work." There are indeed some interesting product weaknesses, like any vendor has, but the fact that Force10's CAM can be partitioned to match the buyer's needs, rather than having a fixed configuration that all customers are forced to use, is an advantage in my book.

S

(Disclosure: I am a former employee of both Cisco and Force10, but have no ties to either today.)

Standard benchmarketing. Not that I blame Cisco or EANTC for that, since they were debunking some benchmarketing done by Force10 and Tolly, but consider the source (and follow the money) when reading any "independent" test and what that means for accuracy.

80% of the EANTC report can be summed up as "The default CAM profile didn't do what we wanted, and we didn't bother asking Force10 for the commands to make it work." There are indeed some interesting product weaknesses, like any vendor has, but the fact that Force10's CAM can be partitioned to match the buyer's needs, rather than having a fixed configuration that all customers are forced to use, is an advantage in my book.

Having delved a bit deeper into F10's "partitioning" scheme, actually, it's not as flexible as one might hope.
There are a very small number of relatively large pages and you have to partition on page boundaries
which leaves you with only limited flexibility when it comes to the CAM partitioning.

Bottom line, in a few years, everyone carrying full tables with F10 gear will probably need to
upgrade all of their line cards to quad-cam.

Another thing to note (as near as I can tell, this applies to all vendors). All line cards will function
only at the lowest common denominator line card CAM level.

IOW, if you have single, dual, and quad-cam cards in your F10 chassis, they'll all act like
single-CAM cards.

Owen

I'd have to second that. This is a very annoying fact, that you will find mentioned nowhere.
What I also used to dislike is the lack of verbosity of 'show features' - but that was back a year ago.
Btw, you absolutely want to avoid the S series, the CLI is a pain, and is not the same as the E or C series, and lacks many features.
Price/10G port is interesting though, but not as much as with Arastra, if that's switching you're into. (never tested any such kits though...)
My own 2 cents.

Greg VILLAIN

The S series runs the same FTOS as the C and E series, as of a number
of months ago. The only exception is the 2410, ie all 10G ports L2
only.

-jim

Sort of... There are still some notable differences in behavior.

Owen

Sorry, I was on an installation with 6500s and 720s trying to do uRPF and it kept falling back to software and killing the units. What your reading has no reality in my experience.

I've been told exactly the same about MPLS by someone I trust (and who would only speak based on real experience, not reading online articles)
   "It works kindof, but when it fails you lose the entire network".

They appear to be nonsense. They were bought and paid
for by Cisco, and including nonsense things like "if you leave a slot open
the chassis will burn up" as a decrement, which is also true in pretty much
every big iron vendor.

Current-generation Cisco and Juniper hardware don't seem to have this problem.

Your statement doesn't match my experience.

I don't think the "remove one SFM and all the others go offline"
failure mode is commonplace among other vendors either.

It is neither common nor even actual on Force10. I've pulled many an SFM

They also deliberately detuned the force10
configuration. They re-ran the tests using the recommended configuration
and got very different numbers -- which you can request from them, but they
won't publish on the website.

I'd be interested in seeing this. Mind putting them up somewhere and
sharing the URL?

Sorry, my day job doesn't include promoting anyone's gear or etc. Got other things need doing. Ask EATC and ask them about their ethics while you're at it.

Based on what? For E and C series boxes, Cisco is never cheaper. S-series
are a different story.

I was comparing list pricing for the E-series up against Catalyst
6500, Supervisor 720-3BXL, 6700 blades with CFC... which I consider a
fair comparison.

For equivalent redundancy and ports, the Force10 is always cheaper - even just in list price. (on the E-series -- Cisco has some cheaper options than the S-series so I've heard - don't care)

As a box designed with the enterprise datacenter in mind, the E-series
looks to be missing several key service provider features, including
MPLS and advanced control plane filtering/policing.

Ah, because Cisco does either of these in hardware?

Yes, they do, on the s720-3B and better.

No, they don't. There are *no* *zero* providers doing line-speed uRPF on Cisco for a reason. Stop reading, start testing.

Sorry, I thought you were serious. I didn't realize you were joking. Carry on.

*plonk*

>
> Yes. PFC3 inside Supervisor 32, 720 and RSP 720 for Catalyst 6500/
> Router
> 7600 series perform both of these features in hardware. The article
> mentioned in this thread compares Force10 E against the 6500 series.

Sorry, I was on an installation with 6500s and 720s trying to do uRPF
and it kept falling back to software and killing the units. What your
reading has no reality in my experience.

uRPF was problematic back in PFC2 based platforms (i.e. SUP2) where it is
further dependent upon unicast routes in FIB TCAM.

uRPF currently works fine enough on PFC3 based sups, the only problem
however is currently only "one or the other" mode is supported for the
entire box, as opposed to per interface. For example, configuring
loose-mode uRPF in one interface, then configuring a strict-mode in another
will result in entire box behaving as strict-mode interface for all uRPF
enabled interfaces. Other than this caveat, I never had problems with it.

However, these uRPF issues are fully documented. Reading manuals and
documentation should help you avoid getting into operational problems such
as "kept falling back and killing the units" scenario.

Control plane policing via cp-policer works quite well on pfc3 based 6500's.
This is ofcourse a very important feature (more important than uRPF in
today's internet IMO) that appears to be missing in f10 gear which is what
Paul was saying earlier.

james