Is cpu very important for bgp routing and tunnel?


(a) A1SRM-LN7F-2358 ,
it’s cpu is just Atom C2358.
16-32GB RAM

(b) X11SSL-F,
with cpu E3-1230v5
16-32GB RAM
i may add extra NIC card.

© HP DL320E G8 V2
with cpu E3-1230V3
16-32GB RAM
i may add extra NIC card.

i think to make ip transit with 1-4 isp,
and build a tunnel(when ddos happen,i want to advance the connection to ddos protection service provider,and lwt the connection go to my vyos/network via the tunnel.) on it.

the normal bandwidth is about 100M now,
but i hope it can load about 1G connection well all the time without issue.

with those three hardwares,
are they fine to handle them well ?


My git tells me that for only 1Gbit/s the Atom is suited enough. If you one day move to 10G the Atom will not handle the full line rate.

@orya If the attack will be to the VyOS, it load CPU to 100% in any case.
You must understand that with full CPU utilization and full load bandwidth it will be difficult to establish tunnel or bgp-session.
For normal traffic (without ddos) I think it will be enough.


If the attack will be to the VyOS, it load CPU to 100% in any case.
<<< will only software router have the issue ?
or cisco and juniper also have the same issue ?


Without firewall cisco and juniper will have similar behavior.
Differenece only with ddos to router or through router (or to VyOS ot through VyOS).
It related to ddos from 1 MPPS and more…


  1. does it mean cisco and juniper have extra firewall feature ?

  2. do you mean
    (1) ddos to router <<< it is vyos’s router ip ? or ?
    (2) through router <<< it is the /24 or other ranges managed by the vyos ?


This means that the firewall can smooth out the attack on all routers include VyOS.

In the case when traffic is addressed directly to the system, more processor time is needed to process the packets.
In the case of traffic passing between interfaces, less processor resources are needed.

P.S. Juniper depending on the model can have separate control plane and data-plane with own interface ASICs which handle and forward traffic.