Hi Pascale
That's an answer I was looking for.
Some more questions. Why you suggest the SP Service IOS? What's about the 3825/45 Series? Would that be the "golden middle way"? Will this box give us a little more capacity, so there is little bit of air for the router, or is the only way to go for a 2851 or a 7xxx System?
Kind Regards
Patrick
****************************************************************************** X-NetConsulting GmbH Internet http://www.x-netconsulting.ch Grosspeterstrasse 21 E-Mail p.studer@x-netconsulting.ch CH-4052 Basel Telefon +41 61 315 85 55 Schweiz Fax +41 61 315 85 59 ******************************************************************************
-----Ursprüngliche Nachricht----- Von: Pascal Gloor [mailto:pascal.gloor@spale.com] Gesendet: Donnerstag, 17. September 2009 10:41 An: studer.patrick@gmx.ch Cc: 'swinog@lists.swinog.ch' Betreff: Re: [swinog] Full BGP Routing Router Requirements
Hi Patrick,
The first step will be, to have 10 Mbit/s fixed or 100 Mbit/s burstable service with an additional link to SwissIX where we want to do some privat peerings.
In a second step, we will add a second or a third upstream with about the same speeds as the first connection. All connection should be done by normal Ethernet connection.
As a minimal BGP setup I usually suggest to have one 2851 per upstream. It needs some upgrades, 1Gb DRAM and SP SERVICES IOS. This router has two GigabitEthernet interface so you can use one for wan and one for lan. You can also add a 4 ports 10/100 switch module if you need multiple lan connexions (limited to 100mbps).
If you have multiple upstream providers and therefor multiple routers, I suggest to have a separate lan (maybe vlan) with all the routers in it for the iBGP full mesh.
This is, indeed, a minimal setup, I wont protect you from attacks of any kind and the router capacity is limited. However you should be able to route at least 100-200mbps.
If you really need protection, you will need a 7200-NPE-G1/2 (which will be able to hold 700-1000mbps traffic), but still, its capacity to hold directed attacks is limited. For best protection a suggest a 7600-RSP720-3CXL which is full hardware platform, protection of the router can be done in hardware (CPP, control-plane policy).
But this might be just a little bit too expensive...
Cheers, Pascal