Used router advice for small web host moving to own ASN
I run a small web hosting company, i'm primarily a sys admin, my network knowledge is ok but my routing knowledge and experience does let me down so please bear with me on these questions.
We currently have our own PI Space, which our transit provider put on our port for us and handle the routing. Due to a recent spate of DDOS attacks and other issues, we've decided to move to our own ASN, and handle our own BGP, allowing us to null route ip's on demand, manage our network better and increase capacity to soak up the attacks.
I'm after a router which will fit the following:
1) Handle a full table (i believe i need this if i have my own ASN?)
2) Our bandwidth requirement is 200mbps, but i would like it to handle 4gbps incase of attacks.
3) 8 x 1Gbe ports (4 link aggregated uplink and 4 aggregated to our internal network)
3) Fully redundant incase of hardware failure or OS upgrades (maybe 2 routers in active/active might be better(cheaper) than 1 large hardware redundant system?)
4) Budget conscious - i will spend the money it requires to do this properly, but we are on a tight budget. I will definitely be looking at used equipment, previous generation(s) - whatever suits the best.
Thanks for your reply. I think in the interest of simplicity and the fact we don't need a table, we'll go with a layer 3 switch, we can then aggregate 4 x 1gb to our provider.
I'm thinking of going for the 3750-X with IP Services image. Can you (or anyone for that matter) tell me if the Services Module is required for Netflow functionality? Or does Netflow on the fixed ports work regardless if the services module is installed or not?
I assume that won't be that easy. The "smaller" switches all don't support netflow (to my knowledge) and the routers get pretty expensive with higher throughput. But they all support netflow. Perhaps you get somewhere a refurbished Cat-4500 with Supervisor Engine V-10GE:
To use the NetFlow feature, you must have the Supervisor Engine V-10GE (the functionality is embedded in the supervisor engine), or the NetFlow Services Card (WS-F4531) and either a Supervisor Engine IV or a Supervisor Engine V.
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.