Router upgrade for small colo provider

Hello, hope this isn't too far off-topic here but being a troller for a long
time here I've realized there is a great knowledge base so I wanted to at
least see if I could get some tips. I help run a small colocation company
in California and I am in the middle of recommending a new 'core router'
platform for our network. We offer mainly colo and dedicated servers, and
several of our clients use our space for VoIP services so quality even under
high peak usage is a must. We are not huge, but we have had near 200%
growth in the past 12 months and need to expand our network ASAP to keep up.
Simply put, I'd love to hear feedback and/or suggestions from any of you
guys who have gone through this already.

Our network map is real simple:

[Carrier 7609] --> 100 mbit --> Our Cisco 7206 --> 100 mbit --> racks

[the racks on our end are a series of switches, mainly 2948G-L3s]

We push about 60 mbit to/from our (1) carrier at peak right now, and the
router keeps up fine [it's a Cisco 7206 NPE-150 btw, very low end on the 7206
line], and at peak we have under 50,000 packets per second, and our 7206
has little/no features enabled [just static routes and passing all traffic
between 2 Ethernet 100 mbit interfaces].

To date we have had 2 problems, both were DoS attacks launched FROM one of
our customer's servers flooding a full 100 mbit wire with more packets per
second than the router could handle (the 2948G-L3s spiked to about 50% CPU
load during the attack but the 7200 literally just died for 3 minutes as the
interface(s) all rebooted). So our main goal in growing is something that can
handle a lot more in this arena against a DoS, and handle our future growth.

In the next 12 months we plan to add a 2nd carrier, at T3, 100 mbit, or
possibly OC3 speed, and possibly upgrade our main carrier to a GigE
connection. Probably maxing combined in the 300 mbit range, more likely
closer to half that in 12 months.

==== Problems/Requirements ====
- Budget is in the $5k to $20k range ($20k if it's going to outlast me even
past my 12 month projections)
- must not 'collapse' under simple packet flow DoS attack
- must handle BGP4 from 2 carriers with full route tables
- We plan to buy used, prices below are based on USED, 30-day-warranty eBay postings

===== Choices/Options that we have looked at: ====
Option #1: Cisco VXR 7206 [$4k to $12k]
Option #2: Cisco 12008 [$7k to $14k]
Option #3: Cisco 6509 [$10k to $15k]

Here are the 3 main options, broken down a bit more in depth. [I have not
ruled out Juniper altogether, but not enough experience with them and
lots of experience with Cisco makes Cisco our better option I think,
especially since it's easier to find used Cisco gear than it is to find used
Juniper gear at a decent price].

[option #1 - Cisco 7206 VXR]

[option #3 - Cisco 6509 switch'router' w/MSFC2]

[...]

> - 'not a router' as some would say [though this one is as good
> as it gets for a switch with router ability built in, so I read
> at least]

It routes packets, therefore it is a router :)

Seriously, the people who call it "not a router" are talking through
their hats.

> - BGP4 support appears limited in previous versions, but the
> MSFC2 processor supposedly can handle (2) BGP4 sessions
> properly [makes me nervous]

I have some of these running with combinations ranging from 5
full-route sessions + iBGP through to 2 full + iBGP + 70+ peers. You
don't need to be nervous about the MSFC2's ability to do BGP (though
for serious work you do want the maximum memory in both the MSFC2
_and_ the Sup2 (512M and 256M respectively) - the 256M on the Sup2 is
_important_ if you're going to have full routes).

> - no support for anything but 100mbit or GigE links, won't work
> with T3 or OC3 lines

I understand there are modules for other interface types. No idea how
easy they are to get hold of; we only use gigE.

> - 'all eggs in 1 basket' theory, if it breaks you lose all
> your Ethernet switches! [at least with separate routers/switches I
> can swap in an old 7206 router spare and get back online fast
> in a worst case scenario.]

We solve this by having multiple routers...

Other negative factors you didn't list:

  - PFC2 has a hardware forwarding table limit of about 256k prefixes
    (of which I think some are reserved). uRPF cuts that in half.
    Current routing table size is ~176k prefixes... so no uRPF
    possible with full routes, and the total routing table size may
    become an issue.

  - PFC2 doesn't support IPv6. At all. I don't know if any IOS versions
    available for the 65xx support IPv6 in software, but...:

  - MSFC2 has relatively limited capacity for forwarding traffic in
    software. This normally isn't a problem, but it means you have to
    be careful not to do things (like trying to log traffic in ACLs)
    that result in your main traffic flows being punted to the MSFC.

There are lots of other advantages besides the ones you mentioned,
though.

It's actually 512M on both. With later/bigger IOS versions, you might actually utilize >256M on the Sup2. Max both out at time of purchase so you don't have to take it down later for upgrades.

#remote command switch show mem
                 Head Total(b) Used(b) Free(b) Lowest(b) Largest(b)
Processor 448543E0 393919520 108659576 285259944 273392008 211623448
       I/O 8000000 67108880 10353328 56755552 56755552 56755512

That's from a WS-X6K-SUP2-2GE.
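As an added example (not from any poster in this thread), a small Python check that applies two points raised above: the PFC2 hardware FIB limit with and without uRPF, and a parser for the `show mem` output quoted in the last reply that flags pools that are low on free memory or fragmented. The 256k/176k prefix figures are the approximate numbers from the thread; the 25% free-memory threshold is an assumption.

```python
import re

# Figures quoted in the thread (approximate): PFC2 hardware FIB size and the
# routing table size at the time. Both are constructed constants for this example.
PFC2_FIB_PREFIXES = 256_000
CURRENT_TABLE_PREFIXES = 176_000

def fib_headroom(table_prefixes, fib_limit=PFC2_FIB_PREFIXES, urpf=False):
    """Return (usable_limit, fits, utilisation); uRPF on the PFC2 halves the FIB."""
    usable = fib_limit // 2 if urpf else fib_limit
    return usable, table_prefixes <= usable, table_prefixes / usable

# 'show mem' output as pasted in the last reply (WS-X6K-SUP2-2GE).
SHOW_MEM = """\
                 Head Total(b) Used(b) Free(b) Lowest(b) Largest(b)
Processor 448543E0 393919520 108659576 285259944 273392008 211623448
       I/O 8000000 67108880 10353328 56755552 56755552 56755512
"""

# One memory pool per line: name, hex head address, then five decimal counters.
MEM_LINE = re.compile(r"^\s*(\S+)\s+([0-9A-Fa-f]+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_show_mem(text):
    """Map pool name -> counters; the header line and blank lines are skipped."""
    pools = {}
    for line in text.splitlines():
        m = MEM_LINE.match(line)
        if not m:
            continue
        name, _head, total, used, free, lowest, largest = m.groups()
        pools[name] = {"total": int(total), "used": int(used), "free": int(free),
                       "lowest": int(lowest), "largest": int(largest)}
    return pools

def memory_warnings(pools, min_free_ratio=0.25):
    """Flag pools that are low on free memory, fragmented, or inconsistent."""
    # The 25% free threshold is an assumption, not a value from the thread.
    warnings = []
    for name, p in pools.items():
        if p["used"] + p["free"] != p["total"]:
            warnings.append(f"{name}: used+free != total; output may be truncated")
        if p["free"] / p["total"] < min_free_ratio:
            warnings.append(f"{name}: only {p['free'] / p['total']:.0%} free")
        if p["largest"] < p["free"] // 2:
            warnings.append(f"{name}: fragmented, largest block {p['largest']} of {p['free']} free")
    return warnings
```

With the thread's numbers, a full table fits the PFC2 without uRPF (about 69% of the FIB) but not with uRPF enabled, and the pasted Sup2 memory output raises no warnings.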