Vyos Full Routing DDos attacks 4-6M pps


I am thinking of using Vyos on a network I have with game servers, I get DDos attacks of 20-30Gbps and 4-6M packets per second max peak during the first 1-2 second hit, until Fastnetmon detects it and I route it through my antiddos provider. I currently use 2 Arista switches with BGP default route. The idea is to have 2 Vyos with 2x10Gbps for each server, BGP Full routing and Intel Xeon E5-2660v3 with 32GB DDR4, do you think it will perform without problem? Or Vyos is not made for this?

The traffic I normally run is 1-2Gbps with 50-100k packets per second.

Thank you,

I have put more traffic through a VyOS box with lesser hardware without issue. However it may be easier to provide you an answer if you provide a network diagram.

2 Cisco Nexus switches, between them connected at 2x40Gbps and one 10G from each switch connected to the internet provider. 2 Dell R630 E5-2660v3, 32GB, Intel X710 2xSPF+, each server with Vyos connected to the two switches.

Requirements for Vyos routers:

Full Routing BGP
20-30Gbps peak traffic with 4-6 million packets (this traffic balanced by the two Vyos).

Does this work for you? The function of the Vyos will be as a core router, raising the BGP against the Internet provider and the antiddos provider and announcing the ranges of my network, Vyos will send sflow to Fastnetmon and when it detects an attack, it will change the routes so that the antiddos provider filters the attack.

Does this work for you?


In this thread was reached 10Mpps with XDP

Without enabling XDP, even if you have a higher-level CPU, you’ll still be limited to 2mpps. However, with XDP enabled, you’ll need to disable the VLAN interface and firewall since XDP doesn’t support VLAN in VyOS, and the firewall won’t be able to keep up with the speed of XDP.

I wish that VyOS would support this project and become a part of the ISP router industry.