[prev in list] [next in list] [prev in thread] [next in thread] 

List:       inet-access
Subject:    RE: Foundry & Extreme Experience
From:       "Peter Clark" <pclark () raindance ! com>
Date:       2004-03-12 17:27:59
Message-ID: C76FC9BFEE5E9D4ABDB25DE1BB5F1364157F68 () adex1 ! lsv ! raindance ! com
[Download RAW message or body]


I've had the opposite experience with Foundry for over four years now.
Over 100 devices, mostly BigIron/Ironcore, as well as some
BigIron/JetCore, NetIron, ServerIron and FastIron.  We run a lot of
layer 3 and some layer 2, BGP, OSPF, ACL'S, etc...  They've been very
solid, except for a couple of version 7.5.05 code revs befor 7.5.05.r.
They handle DoS and worms very well.  CPU barely raised a couple percent
during outbreaks.

As far as the optics go, you're probably refering to the Molex brand
optics.  They used to be Foundry's biggest provider of optics, until
they discovered that they begin to fail after a little more than one
year in use.  Foundry discovered it in early 2001.  It was a bit of a
pain, but Foundry stepped up and worked by our terms to replace all of
the Molex optics.  They advance shipped modules according to our
scheduled maintenance.  I believe a lot of Cisco customers suffered the
same fate.  If you still have Foundry gear, you should work with your
rep.  They provided us with a list of our boards and stackables that had
Molex optics.

-----Original Message-----
From: list-bounces@inet-access.net [mailto:list-bounces@inet-access.net]
On Behalf Of Adam Rothschild
Sent: Friday, March 12, 2004 6:58 AM
To: Keith McCallion
Cc: list@inet-access.net
Subject: Re: Foundry & Extreme Experience


On 2004-03-09-16:50:45, Keith McCallion <keith@mccallion.com> wrote:
> We are considering replacing our existing Cisco 6509s with switches 
> from Foundry or Extreme. While the existing 6509s work well, we want 
> to lower our cost per Gig port, add 10Gig support, and start doing 
> more layer 3 on the switches.
[...]

Personally, I'd take the "if it ain't broke, don't fix it" approach with
regards to migrating away from Cat6k.

Once upon a time, I used to have a bunch of Cat6K/Sup1A/MSFC2's in
production, and they were real workhorses.  They'd absorb whatever
traffic I'd throw at them -- and BGP, OSPF, ACL's, whatever -- and beg
for more.  Only hardware failure was directly attributable to facilities
issues on our side, namely AC breaking and a room they were in running
at 95-100+F for multiple days. :)

Now, let's contrast that with Foundry.

NYIIX (www.nyiix.net) runs on BigIron 8000/15000's.  Skimming through my
mailbox, they were down 9/18/2003, 10/06/2003, 10/08/2003, 10/09/2003,
10/22/2003, 10/29/2003, 12/09/2003, 12/23/2003, and 01/05/2004 ...all
due to Foundry hardware/software issues.  And they're only running it in
a simple layer 2 config!

Several large hosting shops (where large == multi-gb/s aggregates, for
the sake of argument) used to run Foundry boxes as routers, but kicked
then to the curb in favor of Juniper and/or Cisco kit within the last
year or two, citing reliability concerns.

And their optics seem to burn out more often than others, so if you do
go this route, be sure to buy SFP/GBIC-based blades, as opposed to
fixed-config.  Oh, and on the subject of 10Gig-E -- just so we're on the
same page, the Foundry kit is backplane-limited to 8gb/s on the 10GbE
interfaces.  Beyond that, I have no architectural need for 10gb, so I
can't speak to their reliability or lack thereof.

Though in their defense, Foundry is well aware of their negative image,
and is actively working to do something about it.  Perhaps now's a good
time to wait it out and see where that goes?  New ServerIron code has
some really nifty stateful firewalling and DoS suppression knobs, and
word on the streets is BigIron ASIC's can do "deep filtering" by
matching packet attributes even Juniper can't, and will be utilizing
this in future code.  And the Equinix Exchange's haven't had (as many)
Foundry issues, though I think they're running JetCore hardware and
newer code (NYIIX == IronCore).

Extreme works "all right" in a strictly layer 2 capacity, and offers
incredibly cheap gig port density.  I'd stay away from using it as a
router, as its flow-based architecture can't cope particularly well with
random-source/destination [D]DoS attacks, or even Windoze worms.

Oh well, off the soapbox for now.  Flames welcome, public or private.
YMMV, KTHKX, etc.

-a
_______________________________________________
"Eat sushi frequently". - Avi
inet@inet-access.net is the human contact address. list@inet-access.net
is the list posting address. See below URL for subscribe/unsubscribe and
list options: http://inet-access.net/mailman/listinfo/list
_______________________________________________
"Eat sushi frequently". - Avi
inet@inet-access.net is the human contact address.
list@inet-access.net is the list posting address.
See below URL for subscribe/unsubscribe and list options:
http://inet-access.net/mailman/listinfo/list

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic